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(54) Methods and systems for context-aware policy determination and enforcement 



(57) Context aware computing systems and meth- 
ods are described. In one described embodiment, de- 
vices and methods are provided that are context-aware 
(in one example-location-aware) in that they provide for 
the application and enforcement of various policies as 
a function of context. Specifically, various computing de- 
vices, through the described methodologies and struc- 
tures, are able to automatically detemnine their context. 
Once context is determined, a collection of policies can 



be evaluated to provide a resultant set of policies that 
apply to the given context. The resultant set of policies 
are then enforced, typically via the device's operating 
system. Policy enforcement can involve promulgating 
new settings or state to applications that are executing 
on or off the device. Advantageously, the devices and 
methodologies can adapt the resultant set of policies as 
the device's context changes so that the policies can be 
dynamically determined and enforced automatically as 
the device's context changes. 
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Description 
TECHNICAL FIELD 

5 [0001] This invention relates to generally to the area of context-aware computing or ubiquitous computing. 
BACKGROUND 

[0002] The World Wide Web (WWW) was created to make content available from any source in any location around 

10 the world. Users of the Web are able to generally access a seemingly infinite number of resources via the Web. The 
Web has been highly successful In this regard. Yet, with the evolution of the Web, certain needs remain largely unmet. 
Specifically, people continue to have a need to access infomiation that has a contextual aspect to it. That Is, often 
times, Individuals will find themselves In a computing environment that cam'es with it a certain context. Yet, the context 
of the environment cannot be easily incorporated into the present computing environment. As an example, consider 

15 the context of location. People generally have a need to access information, data, resources and the tike, that have 
geographic dimensions to them. For example, individuals may desire to take advantage of services or products that 
are close in proximity to where they currently are located. In this regard, it is desirable to understand the individual's 
contextual location so that services, goods and the like can be made available to the individual. As "eCommerce" 
continues to grow in importance, the necessity of bringing people, places, services and goods together in an efficient 

20 manner will become critically important 

[0003] To date, many attempts have been made to bring people, places, services and goods together. These various 
attempts have generally approached the problem from different directions in an often times incompatible manner As 
an example, consider the context of location. Some services have attempted to bring people and services together by 
defining large databases that maintain infonnation about the services. For example, a list of restaurants may be main- 

25 tained in a web accessible database where each restaurant is associated with a zip code in which the restaurant is 
located. When a user desires to locate a particular restaurant, they might simply enter the zip code where they are 
located to see a list of conresponding restaurants in that zip code. From the list of restaurants, they might be able to 
select one or two restaurants of interest. This approach is undesirable for a number of reasons. First, the operation of 
the system is dependent upon a central server that is responsible for receiving user queries and executing the queries 

30 to return the infonnation to the user In the event the server fails, so too does the service. In addition, this particular 
service might be suited to finding restaurants, but possibly not other businesses. In addition, the granularity with which 
the results are returned to the user may foist some of the search burden on the user (i .e. the user gets a list of restaurants 
in a nearby zip code, but has to further explore the list to select which ones are of interest). Further, the list of restaurants 
may include some restaurants that are blocked by some type of a physteal barrier (i.e. a river, mountain, etc.) that 

35 makes the distance, as the crow flies, unroutable. 

[0004] Providers of services and products want to be connected to nearby end-users. End-users want to consume 
these services and goods at the closest and most convenient location. Acquiring the services of a dentist or a plumber 
that lives somewhere "out on the nef is not appropriate if you need them to fill a cavity or unclog a sink. Looking for 
the nearest hotdog while in a stadium requires you to stay in the stadium. 

40 [0005] There is an unsolved need to be able to create context-aware computing in which computing devices can 
participate in their particular context. In specific circumstances, there are needs to provide relational position awareness 
among physical locations in both publk: and private views of the worid. To date, however, there is no one standardized 
view of the worid that would unlock the potential of context-aware computing. Context-aware computing is much more 
than just position awareness — although this is a very big field in and of itself. 

45 [0006] This invention arose out of concerns associated with developing a standardized, context-aware infrastructure 
and related systems to unlock the potential of context-aware computing. 

SUMMARY 

50 [0007] Context aware computing systems and methods are described. In one described embodiment, devices and 
methods are provided that are context-aware (in one example — location-aware) in that they provide for the application 
and enforcement of various policies as a function of context. Specifically, various computing devices, through the 
described methodologies and structures, are able to automatically determine their context. Once context is determined, 
a collection of policies can be evaluated to provide a resultant set of policies that apply to the given context. The 

55 resultant set of policies are then enforced, typically via the device's operating system. Policy enforcement can involve 
promulgating new settings or state to applk:ations that are executing on or off the device. Advantageously, the devices 
and methodologies can adapt the resultant set of policies as the device's context changes so that the policies can be 
dynambally determined and enforced automatically as the devk^e's context changes. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
[0008] 

5 Fig. 1 is a diagram of an exemplary computing device that can be used in accordance with the described embod- 

iments. 

Fig. 2 is a conceptual diagram of an exemplary Master World and an exemplary Secondary Worid in accordance 
with the described embodiment. 

Fig. 3 Is an exemplary specific view of a Master Worid and a Secondary World and their relation to one another. 
10 Fig. 4 Is a flow diagram that describes steps in a method in accordance with the described embodiment. 

Fig. 5 is a flow diagram that describes steps in a method in accordance with the described embodiment. 

Fig. 6 is a high level diagram of an exemplary computing device architecture. 

Fig. 7 is a somewhat more specific view of an exemplary computing device architecture. 

Fig. 8 is a flow diagram that describes steps In a method in accordance with the described embodiment. 
15 Fig. 9 is a flow diagram that describes steps In a method In accordance with the described embodiment. 

Fig. 10 is a flow diagram that describes steps in a method in accordance with the described embodiment. 

Fig. 11 is a side elevational view of an exemplary location beacon in accordance with one embodiment. 

Fig. 12 is a block diagram that illustrates an architecture in accordance with one described embodiment. 

Fig. 13 Is a block diagram that illustrates a policy collection that can be provided In accordance with one described 
20 embodiment. 

Fig. 14 is a flow diagram that describes steps In a method In accordance with the described embodiment. 
Fig. 15 is a flow diagram that describes steps in a method in accordance with the described embodiment. 

DETAILED DESCRIPTION 

25 

Overview 

[0009] To provide a standardized solution, embodiments described just below provide a unifomi definition of the 
worid. The unlfomri definition is defined In terms of a hierarchical tree of nodes, where each node represents some 

30 aspect of the worid. Each node is connected to at least one other node by a branch. An exemplary classlfrcation of 
nodes takes place on a physical level {e.g. physical locations such as political entitles, Infrastructure entitles and public 
places), as well as a non-physical level (e.g. military APOs). This hierarchical nodal structure is referred to as the 
Master Worid, and Is a standardized view worldwide. Each node of the Master Worid has various attributes associated 
with it that assist In context-aware computing. Exemplary attributes include a unique ID, name, geographic entity class. 

35 latitude/longitude, relative importance, contextual parents to name just a few. The Master World is useful because it 
can be used to determine the relative location of a place anywhere in the worid and at any definable granularity. 
[0010] Once an individual's location or a place an individual is Interested In Is determined, various services that 
reference the location can be offered to the Individual based on their location. That is, value Is provided by the Master 
World model in the ability to tie services to nodal locations in the Master World. 

40 [001 1 ] Building on this concept, two additional concepts add value — the concept of so-called Secondary Worids and 
a "geozone." 

[0012] A Secondary Worid is a powerful computing mechanism whereby individual entitles (such as businesses or 
organizations) can define their own particular worlds that need not necessarily confomi to the Master Worid view of 
the world. That Is, while the Master Worid is essentially a physrcal hierarchical representation of the worid, the Sec- 
ondary Worids can be physical and/or logical representations of each Individual entities' worid view. One particularly 
useful aspect of the Secondary Worid Is that it links, at at least one point, into the Master Worid. Thus, within any 
Secondary Worid, a user's location not only within the Secondary World, but the Master Worid as well can be deter- 
mined. Various services can be attached to the nodes of the Secondary Worid. Based upon a user's calculated position, 
these various services that are associated with Secondary Worid nodes can be offered to the user. In addition, because 
so the user's context Is detemnined relative to the Master Worid, other services that may not be associated with a particular 
Secondary Worid can be offered. 

[001 3] A geozone is essentially a spatial indexing mechanism by which the Master Worid is subdivided into individual 
zones. In the described embodiment, the zones are subdivided through the use of a quadtree algorithm that is depend- 
ent on a density function (although many other spatial index approaches can also be used). Once a desired density 
55 level is achieved (density might be defined in temns of points of interest per zone), each node on the Master Worid is 
assigned a particular geozone. Geozones enable proximity calculations to be computed in a fast and straight forward 
manner. 

[0014] A useful aspect of the Master and Secondary Worids are that they are "reachable" from various computing 
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devices such as stationary (I.e. desktop devices) or mobile computing devices (i.e. cell phones, laptops etc.). That is, 
the Master World (or at least a portion of it) and one or more Secondary Worlds can be either locally maintained on 
the computing device, or accessed, e.g. via the Web or some other mechanism, so that a user can derive their context. 
For example, the Secondary World can be downloaded onto the computing device so that a user can derive their 
5 context within the Secondary World. Once a user's context is detennined from the Master Worid and one or more 
Secondary Worlds, a various robust collection of context-aware solutions become available to the user. For example, 
specific Secondary World services can be offered or Master World services can be offered. Additionally, services from 
other Secondary Worlds might also be offered since the user's location may be known (or made known) to these other 
Secondary Worlds. In this way, the Master World can link two or more Secondary Worlds together. 
10 [0015] Another aspect is that the described embodiments harness the computing power of each computing device 
in detennlning the device's location. Here, by virtue of having the Master World and one or more Secondary Worlds 
reachable by the device (and possibly locally maintained on the device), the device itself detemrtines its own context. 
[0016] One embodiment provides a client side device that Is configured to utilize the context-aware structures that 
are discussed above, i.e. the Master and one or more Secondary Worlds. The Master World or a portion thereof can 
t5 be locally available on the device or can be accessible at another location, e.g. via the Web. In this embodiment, the 
client device has a location service embodied thereon. The described location service Is a software module that can 
determine the location of the device and can answer queries from various applications (either executing on the device 
or off the device). The location service determines the location of the device by using the Master World and one or 
more Secondary Worids. The applications query the location service through one or more Application Program Inter- 
ne faces (APIs) or Events to get location information that is used by the applk^atlons to render a service. 

[0017] The location service makes use of one or more location providers that convey information to the device. This 
infomnatlon can be information that is specific to the location provider, or can be information that can be mapped directly 
into a node of the Master World or Secondary Worids. Exemplary location providers can Include Global Positioning 
Service (GPS) providers, cell phone providers (cell providers), Bluetooth providers, a user interface provider and the 
25 like. The location providers provide information that gives some aspect of a device's current location. This information 
is used by the location service to ascertain the location of the device. 

[001 8] One particularly advantageous feature of the client device is a standard or common location provider interface. 
The location provider interface enables the various location providers to provide infomnation to the location service so 
that the location sen/ice can use the infomnation to determine its location. Essentially, the multiple location provider 

30 interface is a common interface that enables multiple different location providers to provide location infomiation (or 
hints) about location to a location service that is on a device. The location providers can provide the location Information 
constantly, at intervals, or when polled by the device. The location information can be provided with confidence and 
accuracy estimates to enable the location servfce to evaluate the relative quality of the information before it is used. 
The various providers also have the ability to self-monitor themselves which assists in the providers' ability to inteili- 

35 gently convey infomiation to the location service. By having a common interface, the collection of location providers 
is dynamically extensible — that is location providers can be added or removed from the collection of location providers 
without any interference of the functionality performed by the location service or device. The location providers can be 
added or removed while the device is operating. This is particularly useful in accommodating location providers that 
are developed in the future. In this particular embodiment, two levels of abstraction are provided i.e. (1) the provider 

40 interface that receives infomnation from the location providers and (2) the API/events layer that enables applications 
to get at the various Information. 

[0019] One focus of this embodiment is a devk^e that can collect context infomiation (e.g. location infomiation) from 
a variety of different sources, detemriine the device's current context from that infomnation, and provide the current 
context at some level to one or more applications that can use the devk^e's context to render a service or enable the 

45 device to participate in its context environment. 

[0020] In the described embodiment, the device receives location Infonnation or hints about its location. This infor- 
mation is collated and mapped by the location service into a node in the Master Worid and/or Secondary World. The 
hierarchical trees can then be traversed to detemnine the device's accurate location in both the Secondary Worid and 
the Master Worid. At this point, the device has determined its context. The infomiation that is collected can be subject 

50 to artjitratlon to ensure that only highly trusted infomiation is used to determine context. The location infonnation can 
be cached to provide "cun-ent location infomnation" which, for a definable period of time will be accurate to some degree. 
Thus, if for some reason other location providers are unavailable, the cache can be used to ascertain location. 
[0021] Once a device's location Is determined, the device can apply a security policy to the information. Once this 
is done, the device can begin to answer queries from various applications. 

55 [0022] One aspect of the described embodiment is a "favorite locations'* aspect in which the device can be automat- 
ically configured, when it detemnines its context, so that it can adjust to the different locations. 
[0023] Further, various types of location providers can convey different types of infonnation. For example, a so-called 
Ihin provider" provides location lnformatk>n that is translated by the locatiori servk:e into the appropriate node infor- 
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mation. A so-called Ihick provider* includes logic that takes location information and provides it in a fomn that can map 
directly into the Master Wo rid or Secondary World. 

[0024] In another embodiment location translation services are provided that are directed to detemnining, as accu- 
rately as possible, the context or location of the device. In this embodiment, information is received from the various 

5 location providers. This inf onmation includes location, accuracy and confidence (all of which are provided by the location 
provider), trust (which is assigned to a location provider by the device or a user) and a timestamp (which helps to age 
the location Information). The location translation processing involves determining which of the location providers are 
valid and active. The location providers can be ranked In accordance with the confidence and tmst levels. This defines 
an ordered list of location providers. Provision is made for a situation in which all of the location providers may go 

10 inactive. If so, a "current location" is used as a location provider whose confidence decreases over time. 

[0025] In the event that infomnation from two or more of the location providers conflicts, then measures can be taken 
to use infomiation for which there is a higher level of tnjst. The inf onnation that is provided by all of the location providers 
(assuming no conflict) can then be used to detemilne a tree structure and a node's entity ID (EID). The tree might be 
the Master World and the EID is a node on the Master World. The tree might also be a Secondary World and the EID 

« (or location unique Identifier or "LU ID") is a node on the Secondary World. Once this infomiation is collected, complete 
location information can be detennined by simply traversing the tree(s). Once a device's location is detennined, a 
cache can be updated with the cun-ent location (including a time stamp). 

[0026] In another embodiment, privacy issues in the context-aware computing environment are addressed. In this 
embodiment, the location sen/ice has acquired location information that pertains to the location of a particular device. 

20 A privacy manager detemnines what level of infomnation to provide to applications that might request the information. 
The privacy manager can reside on the computing device itself, or can be proxied by a trusted third party. 
[0027] According to this embodiment, a scale of privacy levels are defined. Each level is defined to include more or 
less specific information about the location of a particular device. A user is able to assign a privacy level to entities that 
might request location infomiation. Additionally, each node of the Master World and a Secondary World can have a 

25 privacy level associated with It. When a query from an application is received, the privacy manager first determines 
who the query is from and the privacy level associated with the application or entity. The privacy manager then evaluates 
one or more of the Master World and the Secondary World to find a node that has a con^esponding privacy level. When 
a corresponding node is found, infomnation at that particular granularity is provided to the requesting applk^ation or 
entity. 

30 [0028] In another embodiment systems and methods of providing a location provider in the fonn of a location beacon 
are described. In this embodiment, a location beacon is provided that can be mounted In various areas (public/private 
areas) to beacon the location to any computing devices within transmission range. The inf onnation that is transmitted 
enables a device to determine its location or context. The location beacon can transmit infomnation that is specific to 
the location service that uses the infomiation. Transmitted infomnation can include an EIDAJRL pair, and a LUIDAJRL 

35 pair. The EID gives the node identification of a node in the Master World; and, the associated URL gives a protocol to 
communicate with the Master World. The URL might, for instance, link to a server that can provide additional context 
Infomnation that uses the EID. The LUID indicates a node on a Secondary World that corresponds to a current location; 
and the URL gives a protocol to communicate with the Secondary Worid. For example, the URL can link with a server 
that is hosting the Secondary World. This server can then be queried to discover more information about the Secondary 

40 World (i.e. Secondary World tree structure, location of associated resources, etc.) With the EID and LUID (along with 
the URLs), a device can now traverse the Master World or Secondary World to detemnine its location. Various tech- 
nologies can be used to implement the beacon (wireless, RF, IR). The beacon can be a "program once" device to deter 
tampering. Programmable beacons can, however, be provided. Security can also be provided in the form of a verifiable 
signature that is provided with the beacon infomiation to assure the veracity of the transmitted Infomnation. 

45 [0029] A useful context-aware computing aspect of the beacon is the concept of "location-enabled access". That is, 
in addition to (or separately from) receiving location infonmatlon, a beacon can transmit code download pointers that 
enable smart devices to access software code that allows the device to participate in its current context. 

Exemplary Computing System 

so 

[0030] In the context of this document, the temn "computing device" is used to refer generally to any type of computing 
device. Characteristics of exemplary computing devices are that they typically include one or more processors, com- 
puter-readable media (such as storage devices and memory), and software executing on the one or more processors 
that cause the processors to implement a programmed functionality. In partk:ular embodiments, implementation takes 
55 place in the context of mobile computing devices (e.g. laptop computers and the like), and/or hand-held computing 
devices (e.g. palm PCs, wireless telephones and the like). 

[0031] Fig. 1 is a schematic diagram that constitutes but one example of a computing devk^e that is suitable for use 
in connection with the described embodiments. It is to be understood that portions of the illustrated computing device 
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can be incorporated in one or more of the computing devices (e.g. palm PCs, wireless telephones, etc.) with which 
particular embodiments are envisioned for use. 

[0032] Computer 130 includes one or more processors or processing units 132, a system memory 134, and a bus 
136 that couples various system components including the system memory 134 to processors 132. The bus 136 rep- 

5 resents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral 
bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system 
memory 134 includes read only memory (ROM) 138 and random access memory (RAM) 140. A basic input/output 
system (BIOS) 142, containing the basic routines that help to transfer infomriation between elements within computer 
130, such as during start-up, is stored in ROM 138. 

w [0033] Computer 1 30 further includes a hard disk drive 144 for reading from and writing to a hard disk (not shown), 
a magnetic disk drive 146 for reading from and writing to a removable magnetic disk 148, and an optical disk drive 150 
for reading from or writing to a removable optical disk 152 such as a CD ROM or other optteal media. The hard disk 
drive 144, magnetic disk drive 146, and optical disk drive 150 are connected to the bus 136 by an SCSI interface 154 
or some other appropriate interface. The drives and their associated computer-readable media provide nonvolatile 

15 Storage of computer-readable instructions, data structures, program modules and other data for computer 130. Al- 
though the exemplary environment described herein employs a hard disk, a removable magnetic disk 148 and a re- 
movable optical disk 152, it should be appreciated by those skilled in the art that other types of computer- readable 
media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital 
video disks, random access memories (RAMs). read only memories (ROMs), and the like, may also be used in the 

20 exemplary operating environment. 

[0034] A number of program modules may be stored on the hard disk 1 44, magnetic disk 1 48, optical disk 1 52, ROM 
138, or RAM 140, including an operating system 158, one or more application programs 160, other program modules 
162, and program data 164. A user may enter commands and information into computer 130 through input devices 
such as a keyboard 1 66 and a pointing device 1 68. Other input devices (not shown) may include a microphone, joystick, 

25 game pad, satellite dish, scanner, or the like. These and other input devices are connected to the processing unit 132 
through an interface 1 70 that is coupled to the bus 1 36. A monitor 1 72 or other type of display device is also connected 
to the bus 136 via an interface, such as a video adapter 174. In addition to the monitor, personal computers typk:ally 
Include other peripheral output devices (not shown) such as speakers and printers. 

[0035] Computer 130 commonly operates in a networked environment using logical connections to one or more 
30 remote computers, such as a remote computer 1 76. The remote computer 1 76 may be another personal computer, a 
server, a router a network PC, a peer device or other common network node, and typically includes many or all of the 
elements described above relative to computer 130, although only a memory storage device 178 has been illustrated 
in Fig. 1 . The logical connections depicted in Fig. 1 include a local area networic (LAN) 1 80 and a wide area network 
(WAN) 1 82. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, 
35 and the Internet. 

[0036] When used in a LAN networking environment, computer 130 is connected to the local network 180 through 
a network interface or adapter 184. When used in a WAN networking environment, computer 130 typically includes a 
modem 186 or other means for establishing communications over the wide area network 182, such as the Internet. 
The modem 186, which may be Internal or external, is connected to the bus 136 via a serial port interface 156. In a 

^0 networked environment, program modules depicted relative to the personal computer 130, or portions thereof, may be 
stored In the remote memory storage device. It will be appreciated that the networic connections shown are exemplary 
and other means of establishing a communications link between the computers may be used. 
[0037] Generally, the data processors of computer 1 30 are programmed by means of instructions stored at different 
times in the various computer-readable storage media of the computer. Programs and operating systems are typically 

45 distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary 
memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. 
The invention described herein includes these and other various types of computer-readable storage media when such 
media contain instructions or programs for implementing the steps described below in conjunction with a microproc- 
essor or other data processor. The invention also includes the computer itself when programmed according to the 

50 methods and techniques described below. 

[0038] For purposes of illustration, programs and other executable program components such as the operating sys- 
tem are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at 
various times in different storage components of the computer, and are executed by the data processor(s) of the com- 
puter. 

55 

Defining the World 

[0039] One of the problems to date with attempting to soh/e the context-aware computing problem is that every 
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proposed solution has its own approach, data structures, processes and the like. There is little if any standardization 
between the various approaches. In the described embodiment, standardization is achieved at the foundational level 
by defining a universal view of the Earth. That is, a universally acceptable definition of the Earth is proposed and is 
useable in various computing scenarios to enable context-dependent computing. In this document, a specific example 
5 of context-dependent computing is given in the form of location dependent computing. It is to be understood that this 
constitutes but one example of a context In which the various embodiments discussed below can be employed. Other 
"contexts" can Include, any information that can fit Into a hierarchical structure Including, without limitation, role/per- 
sonnel in an organization, device categorizations, current activity, cun-ent environment, active devices and the tike. 

10 The Master World 

[0040] A Master World is defined as a politk:ally correct and publicly accepted hierarchical tree stmcture that catalogs 
physical location or geographic divisions of the Earth. The Master World is defined in such a way that many different 
classes of political, administrative and geographic entitles across the entire Earth are included. Areas of political con- 
's tention are accounted for by presenting a view of the world based on the language/locale of the computing device. 
[0041] Fig. 2 shows an exemplary hierarchical tree structure 200 that represents a portion of the Master World. The 
Master Worid contains multiple nodes 202, with each node representing some type of geographic division (e.g. political 
or natural entity) of the Earth. In the illustrated example, the nodes of the Master World are arranged in the following 
groups: (1) political or natural entities (e.g. continents, countries, oceans, states, counties, cities and the like); (2) 
20 infrastructure entitles (e.g. postal codes, area codes, time zones and the like); (3) public place entitles (e.g. parks, 
mails, airports, stadiums, and the like); and (4) non-physical entities (military postal code regions, vacation regions, 
affiliate coverage areas of television networks that can be geographically discontinuous, and the like). 
[0042] In the Fig. 2 example, the top node of the tree structure represents the Earth. Each node underneath the top 
node represents a geographical division of the Earth. In this example, none of the nodes have an association with any 
25 businesses or services. That Is, there is a distinction between node entities that are part of the Master World and non- 
geographic places where activities take place. Though the Master World includes nodes for public places (i.e. airports, 
malls, etc), it does not include individual listings of businesses or service providers. Each node is uniquely Identified 
by an ID (EID or entity ID). In addition to the unique EiDs, a URL Is associated with the tree structure and provides a 
context for the tree structure as will become apparent below. 
30 [0043] As an example, consider the following: Seattle-Tacoma International Airport (SeaTac) will be included in the 
Master Wortd, but references to individual airline business locations at SeaTac might be "leaves" on the tree that are 
tagged by the SeaTac Airport EID (see "Secondary World" section and the Table below). Similariy, the Seattle Center 
might be a node on the Master World, while the Seattle Arts Festival, Bumpershoot, the Seattle Sonics NBA Team, 
and the Seattle Center Starbucks Coffee Shop might be tagged with the Seattle Center EID. As another example, the 
35 Master World also contains nodes for all Interstate (motorway) exits. For example, the 1-90, Exit 1 09, Washington is a 
node in the Master World. The Best Western Inn located at 1700 Canyon Road in Ellensburg, Washington might be 
tagged with the EID of this Exit. 

[0044] Thus, the Master World provides a unlfomri way of defining locations. The unifomi location definitions can 
then be universally used to assign attributes to goods or services. Whenever a computing device determines Its location 

40 to correspond to a particular uniform location definition, it can take advantage of the location-dependent goods or 
services that share the unifonm location definition. The Master World Is useful because it is a standardized view of the 
world. Its accurate standardized geographic dimension attribution can be easily accessed by both providers and con- 
sumers. Services and product providers (or third parties such as search engines, network and yellow-page database 
directories) can use the nodes of the Master World by assigning a standardized persistent geographic reference to all 

45 commerce locations or points of interest. These commerce locations or points of Interest can be considered as "leaves" 
on the tree structure. 

[0045] In the illustrated example, the nodes of the Master World have one or more attributes that facilitate its use. 
Exemplary attributes are described in the table immediately below: 



Attribute 


Description 


Entity ID (EID) 


The EID Is a unique ID for each node. No two nodes have the same EID. 


Name 


The name is defined in temns of the neutral ground truth (NGT) name. The NGT 
name supports various language translations for entity names as appropriate 
(e.g. Pacific Ocean, Pazlfischer Ozean, Oceano Paclfico, etc.) 


Geographical Entity Class (GEC) 


The GEC is a geographical classification of each node. An exemplary GEC is 
discussed below in the "Geozone" section. 
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(continued) 





Attribute 


Description 


5 


Latitude 


The horizontal coordinate position on the globe (i.e. the coordinate position of 
the node's centroid) 




Lonoitufip 


1 1 ic vci iiwdi KM\jt uii laLB |judiiiui 1 ui 1 11 ic ^luuc ^i.i?. 1116 cuui uiiiaic pusmori ui in6 
node's centroid) 


10 


Relative Importance 


The geographic importance of an entity in reference to other entities in the same 
region. Value from 1 to 256 (e.g. New York City = 3, Los Angeles = 4, and 
Omaha = 5 even though Omaha is much smaller but almost as Important In 
relation to surrounding populated places) 


15 


Contextual Parent(s) 


The parents of the parent/child relationship for each node. Multiple parents are 
supported (e.g. Redmond is a child of King County, Area Code 425, the Pacific 
Time Zone, and the MSNBC affiliate KING TV). 




Source 


The source of origin for the record (e.g. Microsoft or a specified data vendor) 




Start Date 


Date when the node infonnation was first valid 


20 


End Date 


Date when the node infomnation was last valid (retired zip codes, breakup of 
countries) 




Modification Date 


Records date changes that are made tot eh record relating to retirement or 
updates to any fields 


25 


Status 


Active, lashed (links duplicate nodes together), pending or retired 



[0046] The attributes listed above constitute exemplary attributes only. Other attributes that are different from and/ 
or additional to those referenced above could be used. A few exemplary entity or node records that employ the above 
attributes are shown below: 

30 



Entity ID 


24948 


(EID) 




Name 


Pacific Ocean, Pazifischer Ozean, Oceano Pacifico, etc. 


Geographical Entity Class (GEC) 


13a/0cean 


Latitude 


0 (+000** 00' 00") 


Longitude 


-170(-170'» 00' 00") 


Relative Importance 


1 


Contextual Parent(s) 


Worid 


Source 


MSFT GeoUnit 


Start Date 


0/0/00 


End Date 


0/0/00 


Modification Date 


01/18/00 


Status 


Active 



50 



Entity ID 
(EID) 


27490 


Name 


Redmond 


Geographical 
Entity Class 


78/non-capital town 
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(continued) 



(GEC) 




Latitude 


47.6768303 (+047'» 40' 36") 


Longitude 


-122.1099625 (-122" 06' 35") 


Relative Importance 


107 


Contextual Parent(s) 


1 . King, second level 
[Washington, United States] 

2. Puget Sound-Seattle, travel region 
[Washington, United States] 


Source 


MSI=T GeoUnit 


Start Date 


0/0/00 


End Date 


0/0/00 


Modification Date 


01/18/00 


Status 


Active 



[0047] The Master World also serves as a repository of connmon denominator links between itself and various "Sec- 
ondary Worlds" and as a conduit that connects Secondary Worlds to other Secondary Worlds. Content, service and 
device providers can use the Master World to associate their publicly available offerings with a geographic location 
and the corresponding multiple branch hierarchical structure. This location will be associated with a single entity within 
the tree structure thereby allowing geographic and time/distance calculations and the necessary parent/child relation- 
ship navigation. 



The Master World Index (Geozones) 

30 

[0048] By definition, the Master World provides a hierarchical structure of entities (nodes) that cover the entire globe. 
Upward navigation within the hierarchy is quite natural. Efficient navigation downward requires geographic proximity 
awareness. Additionally, there are possible scenarios that will require jumping from branch to branch in order to suc- 
cessfully return values in a query, or for more accurate calculations of distances to close "leaves" attached to nodes 
other than the original source node. The Master World makes use of an Index scheme that can identify peer level nodes 
by virtue of the geographical proximity. This indexing scheme makes use of a quad tree algorithm to define so-called 
"geozones." 

[0049] A quadtree is essentially a spatial index that breaks coverage Into homogeneous cells of regularly decreasing 
size. Each quadrant of the tree has up to four children. The quadtree segmentation process can continue until the 
entire map is partitioned based on many different end result criteria including the density of the number of items (e.g. 
points of interest) in each quad. The approach provides a fonn of spatial index that accelerates spatial selection and 
content identification. 

[0050] To complete the spatial indexing scheme to provide each node with a defined geozone, a quadtree algorithm 
is applied to the nodes and can be based upon a desired density of, for example, points of interest that are to occur 
in any one zone. Once all of the zones have been defined, each zone is given a unique ID (e.g. top/left and bottom/ 
right Latitude and Longitude pairs). Each of the nodes of the Master World is then assigned a zone in which it is located. 
Quadtree algorithnns are known and will be appreciated by those of skill in the art. 

The Master World Location 

50 

[0051] As can be appreciated, having a unifomi standardized representation of the world in the form of a hierarchical 
traversable tree structure can greatly facilitate the manner to which context-dependent, and more specif ically, location- 
dependent goods and services can be linked. 

[0052] In the described embodiment, a computing device has access to at least a portion of the Master Worid. For 
example, the computing device can have the Master Worid saved in an Internal storage device, it can comprise part 
of the computing device's operating system, or the device might access the Master World via a networic medium such 
as the Internet. With the Master Worid tree structure being accessible to each computing device, each device has the 
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power to determine its own context or node-referenced location. That is, the computing device can determine, through 
software it is executing, its particular location, i.e. node. Once the computing device determines an associated node, 
it can simply traverse the tree to ascertain its complete location. 

[0053] For example, if a computing device detemiines that it is currently located at a node that corresponds to the 
City of Redmond, it can traverse the Master World tree structure to ascertain that it is in the State of Washington. 
Country of The United States, on the. continent of North America. By ascertaining its precise location, the computing 
device (or its user) is now in a position to tal<e advantage of location -dependent services that might be offered. This 
particular model is a tremendous improvement over current models that utilize a central server to ascertain location 
for a number of different devices. In that model, each device (or user) provides information about its location (e.g. 
perhaps the user enters the zip code or city that the device is currently in) and might enter a query to find, for example, 
a McDonald's restaurant in his zip code. The server then takes this infomiation and might, for example, tell the user 
about the location of ail of the McDonald's restaurants within that zip code or city. If the servers fails in this model, then 
none of the computing devices can take advantage of its services. In the present model, each computing device is 
self-sustaining. Each can detemiine its own location, and accordingly, each device can take advantage of location- 
dependent services. For example, if the computing device understands that it is located on a particular node of the 
Master World, then it can execute queries to find a McDonald's that has an EID that corresponds to the particular node 
in which the computing device is located. Particular robustness is provided through the use of the above-described 
geo-zones. The geo-zones enable proximate geographic divisions to be quickly searched in an efficient manner. For 
example, if an individual is looking for the nearest Kinko's to make copies and none are located in the geo-zone that 
corresponds to the node in whk:h the computing device is located, then adjacent geo-zones can be quickly searched. 

Secondary Worlds 

[0054] In the described embodiment, the concept of a Secondary World is used to provide support for additional 
context. A secondary world might be defined by a third party organization or company and contains nodes that comprise 
physical and/or logical entities that are unique to that organization. The nodes of the Secondary World may or may not 
have much context outside of the partbular organization that defined the Secondary Wortd, since a secondary worid 
could be made either public or private. The Secondary Worlds do not duplicate the Master World, but rather supplement 
It in a unique, organization specific manner. While the Master Worid is defined to be a widely accepted standard, each 
Secondary World can be a widely variant representation of an organization's proprietary view of the worid. In the 
described embodiment, each Secondary World has at least one node that is linked with a node of the Master Worid. 
This gives the Secondary Worid a context or location In the Master Worid. Also note that in some context applications, 
several secondary worlds may be accessed, each providing additional context specific pieces of location data. 
[0055] Fig. 2 shows an exemplary Secondary World 204 that comprises a plurality of nodes 206. Each of the nodes 
206 constitutes a physical or logical entity. For example, the nodes can constitute a company, its divisions, regions 
campuses, buildings, floors in various buildings and rooms on various floors. At least one of the nodes is linked with 
a node of the Master World. The nodes of the Secondary Worid can have the same attributes as the nodes of the 
Master Worid. 

[0056] As an example of a Secondary World, consider that Boeing might define a Secondary Worid that includes a 
list of entities that are important to its employees. The root entity would be "Boeing Corp." and its children might be 
company divisions (St. Louis Military Division. Everett Plant, Corporate HQ, etc.). Further down the tree stmcture. 
individual nodes might be defined to represent individual buildings (Hanger 1 2), offices within this building (Office 1 001 ). 
building areas (Southwestern quadrant of hanger 12), etc. Each entity or node has a unique identifier (Local Unique 
ID or "LUID") and a URL that is associated with the tree on which the node occurs. The URL uniquely identifies the 
Secondary Worid tree structure so that a user within that world can determine how to interact with the worid. This 
aspect is discussed below in more detail. Boeing can then use the LUIDs to associate equipment, servrces, departments 
or even personnel to a physical or logical location. 

[0057] As a more concrete example, consider Fig. 3 whk^h shows an exemplary portion of the Master Worid 300 and 
a Secondary World 302. Master Worid 300 includes the following nodes: Worid, United States, Washington, Redmond, 
and Zip = 98052. The exemplary Secondary Worid 302 is a hierarchfcat tree structure that has been defined by Microsoft 
Corporation and includes the following nodes: Microsoft, Redmond Campus, 1 Microsoft Way, Building 26. 3"^ floor, 
Conference Room 3173, Building 24, 2^ floor Conference Room 1342. In this example, the Secondary Worid 302 
'touch points" into the Master Worid from the Redmond node. In this example, a video projector is shown as being 
associated with the node "^Conference room 1342". Here, the video projector is not a node in the secondary worid. 
Rather, the video projector is an item in some other resource discovery servk:e (e.g. the active directory) and includes 
a location attribute that is a pointer to "Conference room 1342." There may be times, however, when nodes can be 
created in the worlds to represent the location of key services — the node themselves, however, would not represent 
the services. 
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[0058] Like the Master World, the Secondary World is advantageously accessible to a user's computing device. It 
could, for example, be downloaded — completely or partially -and stored on a storage device and accessed when 
needed. It might be downloaded for a one time use only. The Secondary World enables the computing device to as- 
certain its context within the Secondary World. In this example, the computing device would, by using the Secondary 

5 World, compute its location within the Secondary World. The computing device can do this by traversing the tree 
structure from the node in which it Is currently located to the root node. This would, for example, give the computing 
device (and hence the user) a complete Secondary World context. Once the Secondary World location is known, the 
user is in a position to take advantage of goods or services that are associated with the nodes of the Secondary World. 
That is. once the computing device detemiines its Secondary World context, it is ready to become an active participant 

10 in the Secondary World. 

[0059] Tremendous value can be achieved by associating goods or services with the Individual nodes of the Sec- 
ondary World. For example, Conference Room 1342 has a video projector associated with it. That is. the location of 
the video projector is in Conference Room 1342. Assume that an individual in Conference Room 3173 has a presen- 
tation that requires the use of the video projector such as the one located in Conference Room 1342. Normally, an 

15 individual would have no way of ascertaining the location of the video projector other than perhaps physically calling 
over to the building to check whether there is a video projector available. In this example, because the user's computing 
device is able to ascertain Its location within the Secondary World, it is able to locate the video projector in Conference 
Room 1342. It would do this by simply executing software that traverses the Secondary World tree structure to find 
the resource of interest. 

20 [0060] Note also that because there is a link into the Master World, the computing device is able to derive it context 
(location) within both worlds. This enables the computing device, and hence the user, to take advantage of goods and 
services that are associated with the Secondary World, as well as participate in location-dependent services that are 
consumable based upon the user's location in the Master World. 

[0061] Fig. 4 is a flow diagram that describes steps in a method in accordance with the described embodiment. The 
25 steps described just below are implemented by a computing device which, in the illustrated example, is a hand-held 
mobile computing device. 

[0062] Step 400 accesses first and second hierarchfeal tree structures that are resident on a computer-readable 
media. In this example, the tree structures might be stored on the device or might be accessible via a network such 
as the Internet. An exemplary first tree structure is the Master World and an exemplary second tree structure is a 

30 Secondary World. Alternately, the tree structures could both be Secondary Worlds. Once the tree structures have been 
accessed by the device, step 402 traverses multiple nodes of the tree structures to derive the context of the computing 
device. In this example, the computing device receives Information that rnfomns it as to its location at a node of one of 
the trees. This information can come to the computing device in any suitable way, e.g. a user can enter the information 
through a User Interface (Ul) or the location might be broadcast to the computing device by another computing device 

35 (e.g. through the use of Bluetooth technology or Universal Plug and Play (UpnP). Specific examples of how this Infor- 
mation can be conveyed to the computing device are given below in more detail. Regardless of how this information 
is conveyed to the computing device, once the computing device has the information, It executes software that traverses 
one or both of the tree structures to derive its context which, in this example, is the device's location. 

^0 Defining Secondary Worlds 

[0063] As was mentioned above, one particularly valuable aspect of the described embodiment is that individual 
organizations can define their own Secondary Worlds. This gives the organization a great deal of flexibility in providing 
goods and services and, more broadly, increasing the efficiency of their organization. In one embodiment, a software 

45 tool is provided that enables individual organizations to define and maintain their own Secondary Worlds. 

[0064] in one embodiment, each secondary world can be uniquely identified as a name space (e.g. an XML name- 
space). This ensures that any overlap in names between the Secondary Worid and the Master World will not result in 
a collision. As an example, consider the following: the Master World might contain an entity identified as "Chicago" 
refemng the city. A Secondary Wortd that Is established by the National Basketball Association (NBA) and a different 

50 Secondary Worid that is established by the Caterpillar Corporation might also have entities named "Chicago" that refer 
to completely different entities than the Master Worid's "Chicago." For example, the NBA's "Chicago" might refer to an 
NBA market area while Caterpillar's "Chicago" might refer to a sales district. Having the namespace separation between 
the Master and Secondary Wo rids can ensure that there not a collision between identically named entities because 
each name space is uniquely different from every other namespace. 

55 [0065] Fig. 5 Is a flow diagram that describes steps in a method of building a context-aware data structure. These 
steps are implemented by a software tool that Is executing on a computing device. 

[0066] Step 500 receives input from a source that specifies infomiation that pertains to physical and/or logical entities. 
In this example, a system administrator might physically enter information about the structure of the Secondary Wortd 
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that they desire to define. This information can include Information about buildings, divisions, conference rooms and 
the like. Step 502 then processes the information to define a hierarchical tree structure that has a context. In this 
example, the context is location. It will be appreciated, however, that other contexts could be employed. Each of the 
nodes in the hierarchical tree structure represents a separate physical or logical entity. Step 504 then links at least one 
5 of the nodes of the hierarchical tree structure with another tree structure having a context. In this example, this other 
tree structure can comprise the Master Worid. Once the tree structures have been built and linked, they are ready for 
traversal in a manner that enables context to be derived from one or more of the nodes. 

Location as a Service 

10 

[0067] In the above examples^ the computing device is able to detemnine its own location. In the embodiment about 
to be described, the computing device detemiines its location by using location infonmatlon that is provided to it from 
a number of different sources of information. The device is able to take the infonnation that is provided to it and process 
the infomnation to detemnine a particular node on one or more hierarchical trees. Once the device has done this, it can 
15 detennine its complete location which is a useful thing to know particulariy when there are location-dependent services 
that can be consumed by the device's user. 

[0068] Fig. 6 shows a high level diagram of an exemplary computing device 600 that comprises, among other com- 
ponents, a context service module 602 and one or more context providers 604. The context service module 602 can 
be implemented in any suitable hardware, software, firmware or combination thereof. In this particular example, the 

20 context sen^tce module is implemented in software that is executed by one or more device processors. The context 
servk:e module 602 receives context .infonnation from one or more context providers 604 and processes the informa- 
tion to detemnine a cun^ent device context. In this particular example, the device context is the device's location. Ac- 
cordingly, the context providers are location providers that provide location information, in various fomis, to the context 
service module 602 for processing. The location providers 604 receive information from various sources of context 

25 infonnation (location infonmation) 606. 

[0069] In the context of this document, a context provider comprises a software component that can either be Im- 
plemented on the device or off the device. The context provider can also include any suitable hardware, firmware or 
combination thereof. The role of the context providers are to receive information from sources 606 and convey the 
infonnation to the context service module 602 so that the context service module can use the infonnation to detennine 

30 a current device context. 

[0070] In the case where the context of the device is the device's location, sources 606 provide various infonnation 
to the location providers 604 that pertains to the device's current location. As an example, the sources of the information 
can include various information transmitters such as a GPS system, cell phone or cell ID, wireless transmitters that 
transmit location information, location beacons, 802.11 transmitters and various other sources of information. The 

35 sources of infonmation can also include other computing devices that might, for example, provide location infonnation 
through Bluetooth technology. In addition, a source of infonnation 606 might include a person who, for example, phys- 
ically enters location infonnation into the device 600 so that the device can process the Infonnation to detennine Its 
location. 

[0071] When the device 600 receives the location infonnation from the sources 606, it processes the information 
"^0 with the location providers 604 and provides the infonnation to the location servbe module 602. The location service 
module 602 processes the location infomnation and detennines a particular node on one or more of the hierarchical 
tree structures to which It has access whch con^esponds to Its current location. The location service module 602 can 
then traverse the tree structures to detennine a complete tocation for the device. Once the complete location is deter- 
mined, the device 600 can begin to interact with one or more applications 608 that can query the device about its 
45 particular location so that one or more location-dependent services can be rendered to the device. In this example, 
the applications 608 are illustrated as being separate from the device. It is to be understood, however, that the appli- 
cations could be executing on the device, e.g. a browser application. 

[0072] As shown, the applications 608 can make calls to the device to ask the device where it is located. The device 
Is configured to receive the calls and respond In an appropriate manner to the application. Once the apptk:ation has 

50 the devbe's location information, it can then render location specific services to the device. 

[0073] Consider the following example: You are a traveler and have a hand-held mobile computing device that 
contains a Master Worid tree and a Secondary Worid tree for SeaTac International Airport. You are scheduled to depart 
on a plane for China from Concourse C. SeaTac international Airport has designed its Secondary Worid to have the 
following nodes: "Arrivals", "Departures", "Concourses", "Airtines", "Gates assigned to Airiines", and "Gate Location"*. 

55 When you arrive at the airport, as you enter the airport your computing device receives location information from 
different sources and with that information your device detennines that your location Is in the Arrivals node. SeaTac 
Intemational has bank of servers that are executing applications to assist you while you are in the airport. There are 
applications that can help you find services, locate facilities (e.g. coffee shops, restaurants), give directions (e.g. how 
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to get to your departure gate), update you on the status of your flight, and even check you in automatically for your 
flight. Consider also that as you walk through the airport your location changes. Your computing device, however, can 
receive continuous location infomnation updates so that it can continue to detemnine its location as you move through 
the airport. At one point, as you pass a Starbucks coffee shop, your hand held device notifies you that if you purchase 
5 a iatte at Starbucks and present your hand held device, you will receive a 50 cent discount on your iatte. In this example, 
the utility of the Secondary World is demonstrated. By knowing where its partk:ular customers are in Its facility, SeaTac 
International Is able to provide a host of services that were not possible before. 

[0074] Assume further that you are in the airport and your flight is canceled. You must find a place to stay for the 
night. Accordingly, you wish to determine the closest Double Tree hotel because you really like the wann chocolate 

10 chip cookies they give you when you check in. You execute a search engine on your computing device to find the 
nearest Double Tree hotel. The search engine application first determines your current location in the Master World 
as indicated by the EID of the Master Worid node that corresponds to your location. Executing a search, the search 
engine application looks for a Double Tree hotel that has an attribute that includes an EID that matches your EID. tf It 
finds one, it simply indicates for you the result. If it does not find one with the corresponding EID, It can use an adjacent 

'5 geozone, to search for a Double Tree hotel. It may also provide driving directions to the hotel. The search engine 
application was able to do this because it was able to ascertain your location in the Master World. It did this quickly 
and automatically with little or no effort from you. 

[0075] Consider further that as you are driving from the airport to the hotel you decide that you want to find the 
nearest Kinko's so that you can print 100 copies of a presentation that you are to give in the morning. Consider that 

20 your hand-held computing devk;e is a cellular phone and that Sprint is the canrler. Sprint has defined its own Secondary 
Worid that might, for example, be designated in terms of cell nets. By virtue of having Sprinfs Secondary World on 
your computing device, you are able to ascertain your location in Sprinfs Secondary Worid and, accordingly, your 
location in the Master Worid. Consider that Kinko's also has a Secondary World that links with the Master Worid. By 
executing a search application on your devbe, you are able to ascertain the location of the nearest Kinko's as well as 

25 driving directions thereto. All of this is possible because your device has access to the Master Worid and one or more 
Secondary Worlds. In this example, the Master Worid provides a mechanism to daisy chain two or more Secondary 
Worids together. This is possible because the Secondary Worlds have at least one reference or link into the Master 
World. 

30 Exemplary Device Architecture 

[0076] Fig. 7 shows computing device 600 in somewhat more detail. In this particular embodiment, device 600 com- 
prises an architecture that includes the following components: a location service module 602, a location provider in- 
terface 700. an applfcation program interface (APiyEvents module 702, a privacy manager 704 a location conversion 
35 module 706, one or more applications 608 and one or more location providers 606. Also included in the architecture 
is an active directory 708, Web service 71 0, location database 712, and personal places 714. The architecture can be 
implemented in any suitable hardware, software, finnware or combination thereof. The architecture mentioned above 
is advantageous in that it enables each computing device to detennine its own context or location. 

^ Common Location Provider Interface 

[0077] One particulariy advantageous aspect of the described embodiment is that it employs a common interface 
700 that provides a standard interface through which the location providers 606 communicate. By having a common 
interface, the location providers are extensible (to support future providers) in that they can be dynamically added or 
^5 removed from the collection of location providers. All that is required of a particular location provider 606 is that it be 
written to support the common interface. 

[0078] In this example, there are several location providers 606. These location providers provide location infonnation 
in different fomis. For example, a GPS location provider might provide location infomnation that is GPS specifte. Sim- 
ilariy, an IP/Subnet location provider might provide information that is specific to an Internet Protocol. A mobile phone 

50 location provider might provide location infonnation in the fonrn of a cell ID. In addition, a location User Interface (Ul) 
might provide location infonnation in the fonri of a user entry that specifies a city, street or building. All of the location 
infonnation that is provided by the various location providers is processed by the location service module 602 so that 
a current device location can be determined. To detemnine the cun-ent device location, the location service module 602 
may have to consult with an active directory 708, a Web service 710, or a location database 712. In the illustrated 

55 example, the active directory 708 might, for example, maintain a secondary worid and other networidng metadata such 
as subnet and "site" infomnation that can help determine location based on networiclng connectivity. Web service 710 
can hold the master or secondary worlds, the attributes of which can be used to find location. For example, if a cell 
phone knows its cell tower ID, then the location provider can query the secondary world to ascertain the nodes that 



13 



EP1 220 510A2 



match that cell tower ID. Location database 71 2 is basically a version of the web service that is hosted or cached locally. 
Location Providers 

5 [0079] As indicate above, the architecture contemplates multiple different location providers that can provide location 
infomiation to the location service module 602. TYiis infomnation can come in many different fomns and quality levels. 
The infomnation is then processed by the location service module 602 to detennnine a current device location. To do 
this, the service module 602 ascertains from the location information a particular node ID (BID and/or LUID) and a URL 
that is associated with the tree stnjcture with which the node is associated. Once the location service module ascertains 

10 a node ID, it can then query the tree structure (or more accurately a server that manages the tree structure) using the 
URL to ascertain more infomnation about the tree structure. For example, if the location service module 602 ascertains 
a LUID from a particular Secondary World, it might then query an active directory 708 (or an Intranet server — which 
is another location database) to discover the parents and the children of the node. This would then enable the location 
service module to build the Secondary World. 

15 [0080] The location providers 606 can provide the location infomnation to the location service module 602 in many 
different ways. For example, some location providers 606 may continuously provide information (e.g. the GPS provider 
may continuously provide GPS coordinates). Alternately, the location providers can periodically provide location Infor- 
mation such as at specific times or on the occurrence of definable events. For example, a user may define specific 
times when the location infonnation should be updated. Alternately, the location infomiation might be updated only 

20 when a device's location changes (i.e. a location change event). Additionally, the location providers might provide 
location infomiation when polled by the location service module 602. For example, the location service module 602 
can call the location provider interface 700 and request location infomnation from one or more of the location providers. 
[0081] One specific location provider 606 is shown as a cache. The cache provider essentially maintains a current 
device context or location. That Is, once the location service module 602 has ascertained Its current location, it writes 

25 this location to a cache. This enables the device 600 to ascertain its location with a degree of confidence in the event 
all of the other location providers are not able to provide location information (e.g. the GPS provider may not receive 
GPS information because the GPS transmitter that supplies it with the information is unable to contact a requisite 
number of satellites). 

30 Confidence and Accuracy Parameters 

[0082] One Important and useful feature of the described embodiment is that one or more of the location providers 
are configured to assign confidence parameters and/or accuracy parameters to the information that they provide to 
the location service module 602. Confidence parameters provide a measure of a provider's confidence in the information 

35 that it provides to the location service module 602. For example, assume that a GPS transmitter must receive infor- 
mation from five or more satellites in order to provide highly confident infonnation. Assume that only three satellites 
are available at the time. The GPS transmitter would then transmit Its Information based only on the three satellites. 
The GPS provider would then know that the infomiation It receives from the GPS transmitter was based only on three 
satellites rather than the desired five or more. In this case, the GPS provider can set a confidence parameter on the 

40 location Information that indicates that it has a lower confidence level than if the infomiation were based on the desired 
five or more satellites, in this case, the location service module 602 can take the confidence parameters for all of the 
location providers into account when detennining the location of the device. This Is discussed in more detail below. 
[0083] With respect to the accuracy parameters, consider that the location Infonnation that Is received from the 
location providers is accurate to varying degrees. Some Information may be accurate to within one mile, while other 

^ information may be accurate to within 100 feet. The location providers are desirably configured to assign accuracy 
parameters to the location infonnation that they provide to the location sen/ice module 602. The accuracy parameters 
give the location service module an indication of the accuracy of the information. 

[0084] When the confidence and accuracy parameters are used by the location service module 602, the module can 
make decisions on how to use the location information it receives from each provider. For example, the location service 

50 module 602 might disregard completely any infonnation that has a low confidence parameter. It might, on the other 
hand, strike a balance between the accuracy of the infonnation and its confidence. For example, the module 602 might 
be programmed to use information with lower levels of accuracy only when there is a high level of confidence in the 
infonnation. The module 602 might utilize the parameters to assign weights to the infonnation so that the location is 
calculated as a weighted function of the confidence and accuracy of the infonnation. 

55 [0085] Another use of the confidence parameters is as follows: Assume that the location service module has deter- 
mined a device location and has written that location to a cache. At the time when the location is written to a cache, it 
is assigned perhaps a high confidence level. Assume further that all of the other location providers are unavailable to 
provide location infonmation. For a period of time, the location service module 602 can use the cache location as a 
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current location and be fairly confident that its infomnation is generally accurate. In this case, the location service module 
might assign a linearly decreasing confidence level to the information over time so that at some point, it ceases to use 
the information or infonns the user that the infomnation cannot be guaranteed. 

5 Location, Trust, and Timestamp 

[0086] When the location providers provide their infonnation to the location service module 602, the infomnation can 
include, in addition to the confidence and accuracy parameters, the actual location infomnation in a known format, a 
trust parameter and a timestamp. The trust parameter is a metric that is assigned by the location service module 602 
10 to one or more of the location providers and defines the trust that the location service module has for the particular 
location provider The timestamp is a metric that defines the time when the location infomnation was provided by the 
location provider. This assists the location service module 602 in ascertaining whether infomnation is state and might 
need refreshed. 

[0087] Once the location service module 602 has all of the location infomnation, it can then set about detenmlning 
15 the location of the device. 

[0088] Fig. 8 is a flow diagram that describes steps in a method of detemnining a device context which, in this example, 
is the device location. These steps are implemented by the location service module 602. 

[0089] Step 800 gets the current device context. The current context can be the last calculated device context that 
is stored in the cache. Step 802 detemnines whether any of a number of context providers are available to provide 

20 context infomnation. The location service module might do this by polling the context providers to ascertain which of 
the providers are active and valid. Step 804 determines whether all of the providers are inactive. If all of the providers 
are inactive, step 806 decreases the confidence in the current context over time and uses the cun^ent context as the 
device context. Step 802 then continues to monitor for current active and valid providers. If step 804 determines that 
one or more of the context providers are active, then step 808 orders the active and valid context providers. When the 

25 location service module 602 orders or sorts the context providers. It does so as a function of the confidence of the 
provider's infomnation and/or the trust that the location service module has in the location provider. This provides a 
ranked, list of the location providers. Step 810 checks to ascertain whether the context infomnation appears to be 
correct. For example, where the context Is the location of the device, the location service module 602 might know that 
five seconds ago the current location was Redmond, Washington. Accordingly, location infomnation that indicates that 

30 the cun-ent location is Beijing, China would be incorrect. Step 812 then detemnines whether any of the context infor- 
mation conflicts with either the device's current context or the context infomnation from other providers. For example, 
the location service module 602 can compare the context information from each of the context providers with the 
infonnation in the cache. If any of the infomnation conflicts with the cached infomnation, then the information from that 
context provider can be discarded. Similarly, if context information varies inordinately as between the context providers, 

35 then step 8 1 4 can select the context providers having a predefined level of trust and perhaps use just their information 
(Step 81 6). If there are no conflicts, then step 816 detenmines the current context based upon the infomnation that is 
provided by all of the context providers. In the described embodiment, this step is implemented by using the information 
to map to a particular node in one ormore of the hierarchical tree stmctures mentioned above. For example, the location 
of the device can be ascertained by mapping the infomnation to a particular node, and then completely traversing the 

40 tree structure until the root node is reached. Step 818 then updates the current context by perhaps writing it to the 
cache and returns to step 802 to detemnine the active and valid context providers. 

[0090] The method described above provides a way for the location service module to receive location Information 
and use only the location Infomnation that appears mostly likely to represent a current location. Conflicting infomnation 
can be discounted or disregarded thereby assuring that only the most trusted, accurate and confident Infomnation is 
45 utilized to detemnine the device's current location. 

Self Monitoring 

[0091] In addition to the confidence and accuracy parameters, one or more of the location providers are advanta- 
ge geously programmed to self monitor their own operation for various irregularities that can occur. On the occurrence of 
an irregularity, the location providers are configured to notify the location service module 602. For example, the source 
from which the location provider receives its infomnation may go off line for a period of time so that the location provider 
is unable to receive any additional infonnation. In this case, the location provider might generate a "provider out" 
message and send it to the location service module 602. When the location service module 602 receives the "provider 
55 out" message, it can then take steps to exclude the location infomnation from that providerf rom any location calculations 
that it performs. When the location provider's source comes back on tine, it can generate a "provider on" message that 
informs the location service module 602 that it is able to transmit location infomnation to the module. Of course, the 
location servbe module can be notified by the location providers on the occun^ence of other operational irregularities, 
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with the above example constituting but one specific case. 
Applications 

5 [0092] Once the location service module 602 has determined the device's location, It can receive queries from one 
or more applications 608. In the Fig. 7 example, the applications include a web site application, an Outlook application, 
and a service discovery application. In the present example, the web site application can be any web site application 
that Is capable of rendering location-specific services. For example, the user of the device 602 might access Amazon, 
corn's web site to buy a favorite book. When the user purchases their book, Amazon.com must now compute the taxes 

10 that the user must pay. In this example, a script executing on Amazon.com's web site might query device 602 to learn 
of the user's location. In this particular example, the device might respond to the query by returning the state in which 
the user is making the purchase. Amazon.com can then assess the tax automatically. Amazon.com might also desire 
to know where the individual is located so that they can select an optimal shipping method (UPS or Express Mail). 
Depending on where the Individual is located, one method may be prefen-ed over the other. The Outlook application 

15 might query the location service module to ascertain the location because it (or the operating system, e.g. Windows) 
may change device settings based on the location of the computing device. For example, the user may print on one 
particular printer while at work, and another particular printer when at home. When the Outlook application detennines 
that the user has gone home for the day, it can automatfcally change the device settings for the printer at the user*s 
home. It might acquire the print settings from a personal places data store 714. Thus, the device is automatbally 

^ configured for use depending on the user's location. The service discovery application might query the device to de- 
termine its location so that it can render a particular service depending on where the device is located. For example, 
if the user asks the application to locate the nearest color printer, the service discovery application might query the 
location service module to ascertain the device's current location so that rt can use this infomnation and find the nearest 
color printer. Consider also that the Outlook application could configure itself email to a work location (when an individual 

25 is at work) or to a home location (when an individual is at home). In addition, the Outlook calendar can become location 
aware, e.g. when you change time zones, your appointments would show up in the proper time slots. 
[0093] As one can imagine, the possibilities are seemingly endless. This functionality is made possible through the 
use of the Master Worid and one or more Secondary Worids. 

30 Application Program interface/Events 

[0094] In the described embodiment, the applications 608 communicate with the location service module 602 through 
one or more application program interfaces (APIs) and/or events. The applications can make function calls on the API 
to query the location servk:e module as to its cun^ent location. Similarly, the applk^atlons can register for location noti- 

35 flcatrons by using an events registration process. For example, an application may register for a notification when the 
user changes their location. Consider the case where an application requests to be notified when the user arrives at 
work or at home so that the application can change the device's configuration (such as printer configuration). 
[0095] Fig. 9 is a flow diagram that describes steps in a method in accordance with the described embodiment. The 
steps that are described are implemented by device 600. Step 900 receives information that pertains to the current 

40 context of the device. In this particular example, a portion of the infomnation is received from one or more context 
providers which, in this case, are location providers. Step 902 processes the infomnation on and with the device to 
ascertain the current context of the device. In the illustrated example, the device maintains (or has access to) one or 
more of the Master Worid and one or more Secondary Worlds. When the device receives all of the location infonmation, 
it maps the information to a particular node in the hierarchrcal tree structure that defines the Worlds. It then traverses 

45 the tree structures to ascertain the complete context (i.e. location) of the device. Step 904 receives calls from one or 
more applications that request infomnation that pertains to the device's current context or location. In the illustrated 
example, the applications can call one or more APIs to request the infomnation or the applications can register for event 
notifications. Step 906 then supplies the applteations with at least some information that pertains to the current device 
location. As will be discussed below, a security polk:y or privacy policy can be applied to the infonnation before it Is 

50 returned to the applbatlons. 

Privacy Manager 

[0096] In one embodiment, a privacy manager 704 (Fig. 7) is provided. Although the privacy manager is illustrated 
55 as being incorporated on the device, it could be implemented by a trusted entity such as a trusted server that is not 
part of the mobile computing device. The privacy manager can be implemented in any suitable hardware, software, 
fimiware or combination thereof. In the illustrated example, the privacy manager comprises a software module that is 
incorporated in the mobile computing device. 
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[0097] The privacy manager 704 addresses privacy concerns that are associated with the infomnation that is collected 
by the computing device. Specifically, the location service module can calculate detailed information regarding the 
location of the computing device. It may be desirable, in some instances, to filter the information that is provided to 
various applications. That is, it is entirety likely that a user may not want their specific location infonmation provided to 
5 untrusted applications. In these instances a user might just desire for location service module 602 to infomi such 
applications that the user is in the State of Washington. 

[0098] Fig. 10 shows a flow diagram that describes steps in a privacy protection method in accordance with the 
described embodiment. These steps can be implemented by the privacy manager 704. 

[0099] Step 1 000 defines a plurality of privacy levels. Exemplary privacy levels are set forth in the table immediately 
10 below: 



20 



Privacy Level 


Approximate Scale 


Level of Revelation 


0 




No location information is returned 


10 


100,000 Km 


Planet/Continent 


20 


1,000 Km 


Country 


30 


ICQ Km 


State 


40 


10-100 Km 


City & County or Region 


50 


10 Km 


Postal Code & Phone Area Code 


60 


1 Km 


Full Postal Code (Zip + 4) & Area Code and Exchange 


70 


100 m 


Phone Number & Building/Floor 


80 


10m 


Room # 


90 


1m 


Exact Coordinates 



[01 00] In the illustrated table, 1 0 different privacy levels are defined and each has an associated approximate scale. 
30 For example, a privacy level of 0 means that no location infonmation is returned. A privacy level of 90 means that very 

detailed location infonnation is returned. 

[0101] Step 1002 assigns various privacy levels to the individual nodes in one or more hierarchical tree structures. 
For example, each node of the Master World and the Secondary Worids can have a privacy level associated with it. 
The root node of the Master Worid tree structure might have a privacy level of 10, while the node that represents a 

35 cun^ent location in a Secondary World might have a privacy level of 90. Step 1 004 detemiines the context of the com- 
puting device. In the present example, the context is the device location and examples of how this is done are given 
above. Individual applications that call the location service module can have privacy levels associated with them. These 
privacy levels can be assigned by individual users. For example, a trusted application might have a privacy level of 
90, while an untrusted application might have a privacy level of 30. Step 1006 receives context queries from one or 

40 more applications. Here, an application calls the location service module 602 (Fig. 7) to ascertain the location of the 
device. Step 1008 determines the privacy level associated with the application or applications. For example, if a un- 
trusted application calls to request location information, the privacy manager 704 would determine that the application 
has a privacy level of 30. The privacy manager then traverses (step 1010) one or more hierarchical tree structures to 
find a node with a corresponding privacy level so that it can select the infonnation that is associated with that node. In 

45 this example, the traversal might involve jumping from the Secondary Worid to the Master Worid to find the node that 
corresponds to the state in which the user is located. Once the corresponding node is found, step 1012 returns the 
context infonnation (e.g. location infonnation) associated with the node. In this case, the location service module would 
infomi the application that the user's location is the State of Washington. 

[0102] As an example, consider the following: There is a web site that gives up to the minute weather of various 
so locations. Accordingly, you might assign this web site a privacy level of 60 so that you can receive weather information 

for the geographical area that conresponds to your present full postal code. Another web site might be a corporation 

intranet web site that is a trusted web site. Thus, any applications associated with this web site can be assigned a 

privacy level of 90 so that you can give them precise location infonmation as to your whereabouts. 

[0103] Thus, in the present example, the computing device is able to detemnine the source (i.e. application) of its 
55 queries and modulate the information that is returned to the application as a function of the application's identity. The 

computing device is able to do this because it has access to the Master Worid and one or more Secondary Worids. 

The above description constitutes but one exemplary way of accomplishing this feat. 
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Location Beacons as a Location Provider 

[0104] In one ennbodiment, one of the location providers comprises a location beacon that beacons or transmits 
infomiatlon to enable a computing device to actively participate in Its current context. Location beacons can comprise 
5 standalone devices that can be retrofitted onto existing Infrastructures, e.g. a smoke detector or wall outlet in order for 
the device to have a power source. 

[0105] Fig. 11 shows an exemplary beacon 1100 that Is mounted on a structure 1102. Structure 1102 can be any 
suitable structure such as a wall In a conference room or public place, a smoke detector, an electrical socket and the 
like. In the described embodiment, the location beacons are small Inexpensive devk:es that can be permanently mount- 

10 ed in special locations such as conference rooms, building lobbies, airport gates, public places and the like. The bea- 
cons announce the physical location in the fonm of an EID and/or LUID to all mobile devices that are within range, such 
as laptops, tablet PCs, hand held computers, mobile phones, wearable computers and the like. 
[0106] In the described embodiment, the location beacon can Identify the particular locations by beaconing standard 
information that will be understood by the mobile computing devices. In the present example, the beacons can transmit 

15 one or two location identifier pairs comprising an E ID/URL pair and a LU ID/URL pair. The beacon might also transmit 
multiple LUIDs. The EID and LUID give the present node location in the Master World and Secondary World respectively. 
The URLs provide a reachable location for the Master and Secondary Worlds. For example, the URL associated with 
the Secondary World can give a service location that the device can use to query Infomiation about the Secondary 
World so that it can derive Its context and take advantage of resources or services that are associated with the nodes 

20 in the Secondary World. 

[0107] The beacons can also transmit a digital signature that can be used by the device to ascertain that the beacon 
is valid and legitimate. Any suitable signature or verification method could be used. In addition, and of particular use 
in the context-aware environment, the beacon can be programmed to transmit code download pointers to devices 
within range. The code download pointers can enable the computing device to access software code that permits them 

25 to Interact with their environment. Consider the following example: You walk into a conference room with your celi 
phone computing devk:e and immediately a beacon in the conference room transmits your location in the fomfi of an 
E ID/URL pair and a LUID/URL pair. Your device uses the Infomatlon pairs to ascertain its location In the Master and 
Secondary Wortds as described above. The beacon also transmits a code download pointer that points to software 
code that enables you to operate the video projector In the conference room using your hand-held cellular phone. In 

30 this manner, the beacon serves as more than just a location beacon — It permits you, through your computing device, 
to actively participate in your surroundings. 

[0108] The beacons can transmit the information in any suitable way, e.g. wireless methods including infrared and 
radio frequencies. In one embodiment, Bluetooth short range radio frequency communication can be used to provide 
a tow cost, low power alternative. 

35 

Context Aware Enterprise Computing Policy 
Overview 

40 [01 09] Corporations or "enterprises" often manage large scale computer networics that are used to enable members 
of the corporation or enterprise to be linked together with each other and with corporate or enterprise resources that 
can be used while in the enterprise computing environment. For example, a company can typically provide various 
members with computing devices (i.e. computers, laptops, handheld devics, mobile or portable computing devices and 
the like) that are to be used to assist the members in performing various job tasks. A continuing challenge for enterprises 

45 Is to find ways to effectively and efficiently promulgate and enforce policy with respect to its computing devices. En- 
terprise policy can be considered as a collection of rules established by the enterprise and enforceable, relative to the 
enterprise's computing devices, to define various parameters of the computing environment. Considerations such as 
who or which devices have access to which resources, how resources are to be used, how the computing device Is to 
be used, where the computing device is to be used and not to be used and the like, can all be impacted, in some way, 

so by the policies that enterprise system administrators define. 

[0110] In the past, policies have been defined and enforced largely on the basis of a user's or device's networi< 
identity and/or pertiaps on the capability or capacity of the device. For example, consider the situation of a company 
that has multiple servers each of which being associated with different types of resources that are utilized by the 
company. One server may be associated with the company's financial resources. These resources might only be need- 

55 ed by individuals In the company's Finance Group. Thus, a policy can be defined by a system administrator that limits 
access to these servers based upon the user's identity (i.e. is the user in the Finance Group?) and/or the Identity of 
the computer attempting to access the server (i.e. is the computer a dedicated Finance Group computer?). In this 
scenario, policy can be established based on the identity and/or physical location of the users and devices. 
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[0111] To a large degree, the traditional model for establishment and enforcement of enterprise policy is, in the future, 
going to have to yield to inventive new models that take into account the flexible computing environment in which users 
find themselves. 

[0112] In accordance with the described embodiment, methods and systems are provided for establishing and en- 
forcing enterprise policy that take into account not only the context of the computing device but, advantageously, chang- 
es in the device's context. A device's context is ascertained and then policy associated with that context is enforced. 
If and when the device's context changes, new or additional polk:ies can be enforced if appropriate. In one particular 
embodiment that is used as an example through the remainder of the discussion, the device's context comprises the 
device's particular location. It is to be understood and appreciated, however, that location is used as but one example 
of a device context and is used to assist the reader in understanding how the described principles can be employed 
in one specific instance. Accordingly, other device contexts can be used. As an example, the context of a computing 
device can be related to anything in the device's environment or pertain to what is going on around the computing 
device. Things such as ambient temperature, lighting conditions, and the like can be considered as defining aspects 
of the computing devbe's context. 

[01 13] In the described embodiment, computing devices are provided with policies, some of which pertain to enter- 
prise computing. These policies can be defined by system administrators in terms of their context dependence so that 
when the context of a computing device changes, so too does the set of policies that apply on the device. The policies 
can be expressed in terms of a common abstract or logical representation of context or, in a specific example, location. 
The common abstract or logical representation of context can advantageously be provided through the use of the 
above-described techniques and systems that utilize primary and secondary hierarchical tree structures to ascertain 
context and, in particular location. It is to be appreciated and understood that any suitable way of ascertaining context 
or location can be utilized to enable policy to be enforced as described below. 

[0114] In the illustrated example, each computing device has a policy engine, implemented in software, that receives 
context information or information associated with changes in context. Based on this received infonnation, the policy 
engine evaluates various policies to provide a resultant set of policies that are enforced on the device, typteally through 
the devrce's operating system. For example, a computing devkie might be located within a particular secure computing 
area that is ascertained as described above, through the use of a secondary worid structure on the devbe. When in 
this secure computing area, the user of the computer is able to woric freely on documents that are sensitive in nature 
in accordance with established policy. Upon leaving the secure computing area, however, the computing device de- 
tenmines its location (i.e. it determines that it is no longer located in the secure computing area), and the policy engine 
evaluates the policies to provide a new resultant set of policies that are now enforced. The new policies do not pemiit 
sensitive documents to be accessed or used when outside of the secure area. Alternately, sensitive portions of a 
document might be blanked out when outside of the secure area. 

Exemplary Architecture 

[01 1 5] Fig. 1 2 shows an exemplary architecture or system generally at 1 200 that is configured to implement a context- 
aware enterprise computing policy. The architecture can be implemented in any suitable hardware, software, firmware, 
or combination thereof. In the illustrated example, the architecture Is implemented in software that comprises part of 
an enterprise computing device. As an aside, it is to be appreciated and understood that while aspects of the described 
embodiment are described in the context of an enterprise computing device, aspects of the described embodiment 
could be implemented independent of an enterprise computing device. 

[01 16] System 1200 comprises a context servfce 1202 that provides context infonnation or context change events. 
A suitable context service is described above in connection with Fig. 6. A specific example of a context service in the 
form of a location service is described above in connection with Fig. 7. A policy engine 1204 is provided and is respon- 
sible for evaluating policies and determining, based on the device's current context, a resultant set of policies that 
apply. The resultant set of policies is then enforced on the devk:e. Enforcement of the policies can involve promulgating 
new settings or "state" to various applications 1206 that can be executing on and off of the devbe. 
[01 1 7] The device or, more specifically, the policy engine 1 204 can receive policies from a number of different policy 
sources. Exemplary policies can include device polrcies 1208 that pertain to the device and that come from the owner 
of the device; network policies 121 0 that pertain to one or more networks within which the device can operate and that 
come from networi< administrators that administer the networks; and enterprise policies 1212 that pertain to the enter- 
prise with which the device is associated and that come from an enterprise administrator. All of these polbies can be 
provided as inputs to the policy engine which, as a result of a cunrent device context, evaluates the policies and de- 
termines a resultant set of policies that is then enforced on the device. The policy engine 1204 can also receive, as 
inputs, user identity and attributes 1214 and device identity and attributes 1216. Ail of these inputs can be factored 
into an evaluation that is perfonmed by the policy engine 1204. 



19 



EP 1 220 510 A2 

Policy Authoring 

[0118] In one embodiment, advantages are achieved in the area of policy authorship. Specifically^ system adminis- 
trators can now be given the opportunity to author and define a rich, robust, and flexible set of policies that can be 

5 applied In many and varying contexts. This constitutes a noteworthy departure from the relatively inflexible systems in 
the past that enabled policy definition based only upon user or device identity and/or perhaps the device's static location. 
In accordance with the described embodiment, policy sets can be defined and then enforced in a dynamic manner. 
[0119] Fig. 13 shows a policy collection 1300 that comprises multiple different sets of policies, with exemplary policy 
sets being shown at 1302, 1304, and 1306. Policy set 1302 is associated with a first device context designated as 

10 "context type 1 **: policy set 1 304 is associated with a second device context designated as "context type 2"; and policy 
set 1 306 is associated with a third device context in the form of location designated as "location". A system administrator 
1308 can define various policies and associate those policies with a particular context type. The defined policies then 
collectively provide a policy collection that can be evaluated by a policy engine (e.g. policy engine 1 204) so that as a 
device's context changes, so too does the resultant set of policies that get applied on the device. Additionally, various 

'5 contexts for which policies are being authored need not be known at the time the policy enforcement technology is 
being built. 

[0120] As an example, consider the following: In a particular enterprise, certain computing devices are deemed as 
special computing devices that are not to leave the enterprise premises. Perhaps there are resources associated with 
the computing devices that are sensitive in nature. For example, an enterprise might be testing new proprietary software 

20 on the computing devices. A system administrator then defines a policy that establishes that if a special computing 
device leaves the enterprise premises, the computing device is to either lock up so that no one can use it, or purge 
itself of the proprietary software. In accordance with the described embodiment, the special computing devices are 
able to detenmine their location from a location service that is onboard the device. An exemplary location service is 
described above. If and when a computing device leaves the enterprise premises, the location service provides the 

25 location inf omiation to the device's policy engine 1 204 (Fig. 1 2). For example, If the device moves to a new node within 
an applicable Secondary Worid, this information is used to trigger a policy re-evaluation. The policy engine then re- 
evaluates the policy collection 1300 to provide a new resultant set of policies that are specif k: to the device's new 
location. The new policies are now enforced through the device's operating system as described above. In the described 
embodiment, policy enforcement is secure because the policy engine is a trusted resource of the operating system. 

30 Enforcement in this specific example Involves either locking up the device so that no one can use it, or pennanently 
removing the proprietary software from the device. 

[0121] Fig. 14 is a flow diagram that describes steps in a policy authoring method in accordance with the described 
embodiment. The method can be implemented in any suitable hardware, software, firmware, or combination thereof. 
In the illustrated example, the method is implemented in software. 

35 [0122] Step 1400 provides a common abstract or logical representation of context. In the illustrated example, this 
step is implemented through the use of the primary and secondary hierarchical structures described above. In this 
specific example, the primary and secondary hierarchical structures comprise the Primary and one or more Secondary 
Worlds. Step 1 402 expresses one or more policies as a function of the common abstract or logical representation of 
context. In the location example, the policies are expressed as a function of the abstract representation of location, i. 

40 e. the Primary and/or one or more Secondary Worids. This step can be implemented by a system administrator defining 
the policies that are to comprise a policy collection. Step 1404 then makes the expressed policies available to one or 
more computing devices. In the illustrated example, the computing devices comprise enterprise computing devices. 
The policy can be made available to the devices in any suitable way. For example, the policies can be provided to the 
devices via an enterprise network, wirelessly etc. 

45 

Dynamic Evaluation and Enforcement of Policies 

[01 23] Once the policy collection has been defined as described above, it can now be used as the basis of an adapt- 
able, dynamic, context-sensith/e policy evaluation and enforcement environment. The policy collection can have poli- 

50 cies defined in terms of, among other variables, physical and/or logical locations. Physical locations can be provided 
by the Primary World, while physical and logical locations can be provided by one or more Secondary Worids. 
[0124] Fig. 15 is a flow diagram that describes steps in a policy evaluation and enforcement method in accordance 
with the described embodiment. The method can be implemented in any suitable hardware, software, fimriware, or 
combination thereof. In the illustrated example, the method is implemented in software that is executing on one or 

55 more computing devk:es, such as an enterprise computing devrce. 

[0125] Step 1500 provides a policy collection comprising one or more sets of polteies. Each set of polk:ies can have 
one or more individual poricies. The policies can be expressed in terms of a common abstract or logbal representation 
of context as described above. The policies can be stored on the enterprise computing devices and can be acquired 
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by the computing devices in any suitable way. Alternately, the policies can be stored on an accessible computing device 
such as a server or the like. Step 1502 determines the context of the computing device. This step can be Implemented 
using the techniques described above insofar as the device has software that is able to process context information 
provided to it from context providers. In a specific Implementation, the context information is provided in the form of 
location information. It is to be appreciated and understood that the computing device can detemiine its context in 
more indirect ways. Specifically, rather than directly detemnining device context through the use of a context service, 
the computing device can detemnine its context from other devices, networks, websites and the like. As an example, 
consider that a computing device detemnines its location using a location servrce, but desires to detemnine another 
context associated with that location. By knowing the location, the computing can access a web site that maintains a 
list of specific contexts for that particular location. Perhaps the web site tracks the temperature, lighting conditions, 
pollen count and the like. Thus, this step can also be implemented by the computing device indirectly determining its 
context. 

[0126] Step 1504 evaluates the policy collection, based on the context infomnation, to provide a resultant set of 
polk^ies. This step can be implemented by a polk^y engine on the computing device. That is, this step can be Imple- 
mented locally on the computing device Itself. Altemately, this step can be implemented remotely from the computing 
device as by another computing device such as a server that is accessible via a suitable network. In this case, It is 
possible for the policy engine to be located remotely from the subject computing device on which the policy is to be 
enforced. Step 1506 then enforces the resultant set of policies on the device. This step can be Implemented by the 
policy engine causing resultant settings or state to be promulgated to various applications that can be executing or 
executable on or off the device. Altemately, this step can be implemented by a remote computing device, such as the 
server mentioned above, pushing down a resultant set of policies to the computing device. Step 1 508 detemnines 
whether there has been a context change. This step can be implemented by the device receiving context information 
from context providers, and then using the context information to detemnine, based on the primary and/or secondary 
hierarchical tree stnjctures, whether the device has in fact experienced a context change. This step can also be im- 
plemented by the device indirectly determining its context as described above. If the device has experienced a context 
change, then the method can branch back to step 1502 which determines the new context of the device and repeats 
the steps described above. If, on the other hand, the device has not experienced a context change, then the method 
branches back to step 1506 which continues to enforce the current result set of policies. 

[01 27] This process provides a system that has policies that are dynamically adaptable to new device or user con- 
texts. Enterprise computing devices that are portable can now detemnine, automatically, their present context and have 
policies that are adapted to various contexts implemented in an automatic fashion. As device context changes, e.g. 
physical or logical location, so too can the policies that are enforced on the device. The policies can be expressed in 
terms of physical and/or logical location by system administrators who now have at their disposal a robust set of tools 
to adequately protect and administer system resources. 

[0128] To further assist the reader in understanding the principles described above, the following examples are given. 
It is to be appreciated and understood that the following constitutes but exemplary scenarios in which the inventive 
principles can be employed. These specific scenarios are not intended to limit applk;ation of the claimed subject matter 

in any way. 

Example 1 

[0129] A particular user has an enterprise computing device with strong (e.g. 128-bit) encryption capabilities. The 
user has to leave the United States and travel abroad in foreign countries visiting various clients. Federal regulations 
prohibit the export of a computing device with 128-bit encryption capabilities but permit the export of a device with 
64-bit encryption capabilities. Accordingly, when the user's device determines, through the above described location 
service, that it has left the United States, poltey onboard the device causes the encryption strength to be automatfeally 
downgraded. 

Example 2 

[0130] Assume that a user has a portion of the file system on their computing device encrypted with a particular 
certificate. It is desired by the enterprise that those specific files not leave the United States. If the user's computing 
device ascertains that its location is no longer in the United States, policy onboard the computing device causes the 
certificate to be permanently deleted. The user must then return to the U.S. and reacquire the certificate to access the 
portion of their file system that was encrypted. 
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Example 3 

[0131] A user's computing device can have policy that requires the computing device to use local telephone numbers 
(or 1-800 numbers) when attempting to establish a connection with an ISP for cost savings. When the user is out of 
5 town, the policy causes the computing device to call only local numbers, associated with the user's present location, 
to establish a connection with an ISP. 

Example 4 

10 [01 32] The system administrator establishes a policy that when an enterprise computing device is off of the corporate 
campus, a user login must be used and that two failed attempts to log onto the device automatically locks the device 
down. This lock down is to remain in place until the device is returned to the corporate campus. Accordingly, if a user's 
device is stolen, it is unlikely that a thief will be able to tog onto the device. 

IS Example 5 

[0133] Policy is established by a system administrator that requires multiple authentication methods (i.e. smartcard, 
password, biometric) when computing from outside of the corporate campus. Accordingly, when the user removes the 
computing device from the corporate campus, the device detects that it is no k)nger there, and the polk:y engine causes 
20 the enhanced authentication to take place. 

Example 6 

[01 34] Policy is established by a system administrator that computer usage and the location where such usage takes 
25 place must be logged for purposes of auditing or perhaps billing. Accordingly, a user travels around, the policy ensures 
that all computer usage is logged together with the location associated with the usage. 

Example 7 

30 [0135] The corporate enterprise has a large campus with many buildings. Employees are typically required to travel 
between different buildings throughout the day for meetings, presentations and the like. For some employees, it is 
critical that they not miss phone calls or messages. Accordingly, the system administrator authors a policy that all or 
selected computing devices must report their location to a central server when on the corporate campus. Based on 
the reported location, phone calls can be automaticatly routed directly to a conference or meeting room where particular 

35 individuals are located. 

Example 8 

[0136] The system administrator establishes a policy that while on the corporate campus, all games on enterprise 
40 computing devices are disabled. Accordingly, when the computing devices detemnine that their location is on the cor- 
porate campus, the policy engine causes all games on the device to be disabled. When the computing device detects 
that it is no longer on the corporate campus, the policy engine re-evaluates the policy collection and causes the games 
to be enabled. 

4* Example 9 

[0137] A policy is established that the default printer for a computing device, when the computing device is on the 
corporate campus, should be the physically closest printer. Accordingly, a computing device detemnines its location 
and, based upon this determination and the governing policy, automatically selects the closest physical printer to be 
so the default printer. As the devk^e moves about the corporate campus, the location information that is received by the 
policy engine causes the engine to re-evaluate the policy collection to ensure that the closest physical printer is selected 
as the default printer. This policy can be disabled when the device is moved off of the corporate campus. 

Example 1 0 

55 

[01 38] The enterprise determines that when an employee's mobile phone and mobile computer report different phys- 
ical locations, there is a high degree of likelihood that the employee is away from their computer. (In this example, both 
computing devrces are context-enabled In the sense that each can determine its physical location and report that 
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physical location to a central server). Accordingly, for security purposes, the administrator authors a policy that when 
such is the case, the login for the mobile computer is disabled. Accordingly, the login is enabled only when the mobile 
phone and the mobile computing device report the same physical location. 

Conclusion 

[0139] The embodiments described above provide a uniform, standardized way to enhance the world of context 
aware computing. The embodiments provide a way for individuals to uniquely experience the world around them by 
ascertaining their location in the world in a standard way. The embodiments also provide a way for service providers 
to uniquely position their goods and services in a manner that is sensitive to and appreciates the contexts, e.g. locations, 
of various consumers of the goods and services. Unique and useful architectures and data structures are employed 
to facilitate the user's computing experience and provide for an individual-centric experience. 
[0140] Although the Invention has been described in language specific to structural features and/or methodological 
steps, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific 
features or steps described. Rather, the specific features and steps are disclosed as prefen-ed fomris of Implementing 
the claimed invention. 



Claims 

1 . A computing device comprising: 

one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive context information from externally of the device, the context infonnation pertaining to one or more 
current device contexts; 

automatically determine one or more current contexts from the context information; 

locally evaluate a collection of policies in connection with the one or more current contexts to provide a 

resultant set of policies; and 

enforce the resultant set of policies on the one or more applications. 

2. The device of claim 1 , wherein the device is configured to receive context inf omiation from multiple different context 
providers that provide different types of context infonmation. 

3. The device of claim 1 further comprising one or more hierarchical traversable tree structures on the device, the 
tree structures comprising individual nodes each of which being associated with a device context, the device being 
configured to automatically determine one or more current contexts by traversing at least one node on at least one 
of the tree structures. 

4. The device of claim 3, wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 
structures, the link being traversable to detemriine the one or more current contexts. 

5. The device of claim 3, wherein the one or more hierarchical tree structures provide a common abstract represen- 
tation of context. 

6. The devtee of claim 1 , wherein the device is configured to determine the one or more current contexts dynamically 

7. The device of claim 1 , wherein the device is configured to receive policies from different policy sources. 

8. The device of claim 1 , wherein the device is configured to receive policies from different polk:y sources, the policies 
from the different policy sources being defined in temis of a common abstract representation of context. 

9. The device of claim 1 embodied as an enterprise device, the collection of policies comprising at least enterprise 
policies that are defined In ternns of a common abstract representation of context. 
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10. The device of claim 1 embodied as a portable device. 

11. The device of claim 1 embodied as a wireless device. 
5 12. The device of claim 1 embodied as a handheld device. 

13. A computing device comprising: 

one or more processors; 
10 memory operably associated with the one or more processors; 

one or more applications loadable In the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive context information from externally of the device, the context information pertaining to a current 
15 device context; and 

enforce a set of policies on the one or more applications, the set of policies pertaining to a current context 
that is associated with the context infomiation. 

14. The computing device of claim 13, wherein the one or more processors are configured to determine the current 
20 context from the context information. 

15. The computing device of claim 13, wherein the one or more processors are configured to locally evaluate a col- 
lection of policies, in connection with the received context Infomiation, to provide the set of policies. 

25 16. A method of operating a computing device comprising: 

receiving context infomiation from externally of a computing device, the context information pertaining to a 
current device context; 

automatically determining, with the computing device, a current context using the context infomiation; 
30 evaluating a collection of policies in connection with the current context to provide a resultant set of policies; and 

enforcing the resultant set of policies on one or more applications that are executable by the computing device. 

17. The method of claim 16, wherein said evaluating comprises locally evaluating the collection of policies using the 
computing device. 

35 

18. The method of darm 16, wherein said evaluating comprises evaluating the collection of policies remote from the 
computing device. 

19. The method of claim 16, wherein said receiving comprises receiving context Information from multiple different 
40 context providers that provide different types of context information. 

20. The method of claim 16, wherein said receiving comprises wirelessly receiving the context infonnation. 

21. The method of claim 16, wherein said automatically determining comprises: 

45 

providing one or more hierarchical traversable tree structures on the device, the tree structures comprising 

individual nodes each of which being associated with a device context; and 

traversing at least one node on at least one of the tree structures to provide the current context. 

50 22. The method of claim 21 , wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 
structures, the link being traversable to detemnine the device's cun-ent context. 

23. The method of claim 21 , wherein the one or more hierarchical tree structures provide a common abstract repre- 
55 sentation of context. 

24. The method of claim 16 further comprising receiving policies from . multiple different policy sources. 
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25. The method of claim 16 further comprising receiving policies from multiple different policy sources, the policies 
being defined in terms of a common abstract representation of context. 

26. The method of claim 16, wherein the computing device comprises an enterprise computing device and further 
comprising receiving policies from an enterprise policy source, the policies being defined In tenns of a common 
abstract representation of context. 

27. One or more computer-readable media having computer-readable Instructions thereon which, when executed by 
a computer, cause the computer to Implement the method of claim 16. 

28. A method of operating a computing device comprising: 

receiving context infomnation from externally of a computing device, the context information pertaining to a 
current device context; and 

enforcing the resultant set of policies on one or more applications that are executable by the computing device, 
the resultant set of policies pertaining to a context that Is associated with the context infonmatlon that is re- 
ceived. 

29. The method of claim 28 further comprising determining, on the computing device, a context that is associated with 
the context infomnation. 

30. The method of claim 28 further comprising locally evaluating a collection of policies responsive to receiving the 
context infomnation, said evaluating providing a resultant set of policies. 

31 . The method of claim 28 further comprising receiving one or more policies from externally of the computing device, 
said one or more policies being associated with a context which is, in turn, associated with the context information. 

32. A computing device comprising: 

one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive context information from externally of the device, the context Information pertaining to a current 
device context; 

automatically determine a current context from the context infomnation; 

locally evaluate a collection of policies in connection with the current context to provide a resultant set of 

policies; 

enforce the resultant set of policies on the one or more applications; and 
responsive to receiving context information that indicates a change of cunrent context: 

locally re-evaluate the collection of policies to provide a new resultant set of policies; and 
enforce the new resultant set of policies on the one or more applications. 

33. The device of claim 32, wherein the device is configured to receive context infomnation from multiple different 
context providers that provide different types of context information. 

34. The device of claim 32 further comprising one or more hierarchical traversable tree structures on the device, the 
tree structures comprising individual nodes each of which being associated with a device context, the device being 
configured to automatically detenmine its curent context by traversing at least one node on at least one of the tree 

structures. 

35. The device of claim 34. wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree stmcture, and at least one link between the primary and secondary tree 
structures, the link being traversable to detenmine the device's curent context. 

36. The device of daim 34, wherein the one or more hierarchical tree structures provide a common abstract repre- 



25 



EP1 220 510 A2 



sentatlon of context. 

37. The device of claim 32, wherein the device is configured to detenxilne cun-ent context dynamically. 

5 38. The device of claim 32, wherein the device Is configured to receive policies from different policy sources. 

39. The device of claim 32, wherein the device is configured to receive policies from different policy sources, all of the 
policies being defined in terms of a common abstract representation of context. 

10 40. A method of operating a computing device comprising: 

wireiessly receiving context information from externally of a computing device, the context infomnation per- 
taining to a cun^ent device context; 

automatically detemnining, with the computing device, a current context using the context infomnation; 
15 locally evaluating, with the computing device, a collection of policies in connection with the current context to 

provide a resultant set of policies; 

enforcing the resultant set of policies on one or more applications that are executable by the computing device; 
determining whether the device's current context has changed and if so, automatically detemiining a new 
current context using received context infomnation; 
20 responsive to detemnining the new current context, locally re-eva!uatlng, with the computing device, the col- 

lection of policies to provide a new resultant set of policies for the new current context; and 
enforcing the new resultant set of policies on the one or more applications. 

41. The method of claim 40, wherein said receiving comprises receiving context information from multiple different 
25 context providers that provide different types of context infomnation. 

42. The method of claim 40, wherein said acts of automatically detemnining comprise: 

providing one or more hierarchical traversable tree structures on the device, the tree structures comprising 
30 individual nodes each of which being associated with a device context; and 

traversing at least one node on at least one of the tree structures to provide the current context. 

43. The method of claim 42, wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 

35 structures, the link being traversable to determine the device's cunrent context. 

44. The method of claim 42. wherein the one or more hierarchical tree structures provide a common abstract repre- 
sentation of context. 

^0 45. One or more computer-readable media having computer-readable instructions thereon which, when executed by 
a computer, cause the computer to implement the method of claim 40. 

46. A computing device comprising: 

45 one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable In the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

50 receive location infomnation pertaining to a current device location; 

automatically detemiine a current location from the location information; 

locally evaluate a collection of policies in connection with the current location to provide a resultant set of 
policies; and 

enforce the resultant set of policies on the one or more appi nations. 

55 

47. The computing device of claim 46, wherein said one or more processors are configured to receive location infor- 
mation from externally of the device. 
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48. The computing device of claim 46, wherein the device is configured to receive location information from multiple 
different location providers that provide different types of location infomiation. 

49. The computing device of claim 46, further comprising one or more hierarchical traversable tree structures on the 
5 device, the tree staictures comprising individual nodes each of which being associated with a device location, the 

device being configured to automatically detemnine its current location by traversing at least one node on at least 
one of the tree structures. 

50. The computing device of claim 49, wherein the one or more hierarchical tree structures comprise at least one 
10 primary tree structure, at least one secondary tree structure, and at least one link between the primary and sec- 
ondary tree structures, the (ink being traversable to determine the device's current location. 

51 . The computing device of claim 49, wherein the one or more hierarchical tree structures provide a common abstract 
representation of location. 

15 

52. The computing devk:e of claim 46, wherein the device is configured to detennlne the current location dynamically. 

53. The computing device of claim 46, wherein the device is configured to receive polk:ies from different policy sources. 

^ 54. The computing device of claim 46, wherein the devk;e Is configured to receive policies from different policy sources, 
the policies from the different policy sources being defined in tenns of a common abstract representation of location. 

55. A method of operating a computing device comprising: 

25 receiving location infomiation pertaining to a current device location; 

automatically detennining, with the computing device, a current location using the location information; 
locally evaluating, with the computing device, a collection of policies in connection with the current location to 
provide a resultant set of policies; and 

enforcing the resultant set of policies on one or more applications that are executable by the computing device. 

30 

56. The method of claim 55, wherein said receiving comprises receiving the location intomriation from externally of the 
device. 

57. The method of daim 55, wherein said receiving comprises receiving location infonmatlon from multiple different 
35 location providers that provide different types of location infomiation. 

58. The method of claim 55, wherein said receiving comprises wirelessly receiving location information from multiple 
different location providers that provide different types of location infomiation. 

59. The method of claim 55, wherein said automatically determining comprises: 

providing one or more hierarchteal traversable tree structures on the devk^e. the tree structures comprising 

individual nodes each of which being associated with a devk:e location; and 

traversing at least one node on at least one of the tree structures to provide the current location. 

45 

60. The method of claim 59, wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 
structures, the link being traversable to detennlne the device's cunrent location. 

so 61 . The method of claim 59. wherein the one or more hierarchical tree structures provide a common abstract repre- 
sentation of location. 

62. The method of claim 55 further comprising receiving polbies from multiple different policy sources. 

S5 63. The method of claim 55 further comprising receiving polk;ies from multiple different policy sources, the policies 
being defined in temis of a common abstract representation of location. 

64. One or more computer-readable media having computer-readable instructions thereon which, when executed by 
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a computer, cause the computer to implement the method of claim 55. 

65. A computing device comprising: 

one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 

receive location infomiation pertaining to a current device location; 
automatically determine a current location from the location information; 

locally evaluate a collection of policies in connection with the current location to provide a resultant set of 
policies; 

enforce the resultant set of policies on the one or more applications; and 

responsive to receiving location infomnation that indicates a change of current location: 

locally re-evaluate the collection of policies to provide a new resultant set of policies; and 
enforce the new resultant set of policies on the one or more applications. 

66. The computing device of claim 65, wherein the one or more processors are configured to receive location infor- 
mation from externally of the device. 

67. The computing device of claim 65, wherein the device is configured to receive location information from multiple 
different location providers that provide different types of location infonnation. 

68. The computing device of claim 65 further comprising one or more hierarchical traversable tree structures on the 
device, the tree structures comprising individual nodes each of which being associated with a device location, the 
device being configured to automatically detemnine its current location by traversing at least one node on at least 
one of the tree structures. 

69. The computing device of claim 68, wherein the one or more hierarchical tree structures comprise at least one 
primary tree structure, at least one secondary tree structure, and at least one link between the primary and sec- 
ondary tree structures, the link being traversable to detemnine the devk:e's current location. 

70. The computing device of claim 68, wherein the one or more hierarchical tree structures provide a common abstract 
representation of context. 

71. The computing device of claim 65, wherein the device is configured to receive policies from different policies 
sources. 

72. The computing devk:e of claim 65, wherein the device is configured to receive policies from different policies 
sources, all of the policies being defined in tenms of a common abstract representation of location. 

73. A method of operating a computing device comprising: 

wireiessly receiving location information from externally of a computing device, the location information per- 
taining to a current device location; 

automatically determining, with the computing device, a current location using the location infomnation; 
locally evaluating, with the computing device, a collection of policies in connection with the cun^ent location to 
provide a resultant set of policies; 

enforcing the resultant set of policies on one or more applications that are executable by the computing device; 
determining whether the device's current location has changed and if so, automatically detemnining a new 
current location using received location infomnation; 

responsive to determining the new current location, locally re-evaluating, with the computing device, the col- 
lection of policies to provide a new resultant set of polteies for the new current location; and 
enforcing the new resultant set of policies on the one or more applications. 

74. the method of claim 73, wherein said receiving comprises receiving location Information from multiple different 
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location providers that provide different types of location information. 

75. The method of claim 73, wherein said acts of automatically determining comprise: 

providing one or more hierarchical traversable tree structures on the device, the tree structures comprising 

individual nodes each of which being associated with a device location; and 

traversing at least one node on at least one of the tree structures to provide the current location. 

76. The method of claim 75, wherein the one or more hierarchical tree structures comprise at least one primary tree 
structure, at least one secondary tree structure, and at least one link between the primary and secondary tree 
structures, the link being traversable to determine the device's current location. 

77. The method of claim 75, wherein the one or more hierarchical tree structures provide a common abstract repre- 
sentation of location. 

78. One or more computer- readable media having computer-readable instructions thereon which, when executed by 
a computer, cause the computer to implement the method of claim 73. 

79. A computing device comprising: 

one or more processors; 

memory operably associated with the one or more processors; 

one or more applications loadable in the memory and executable on the one or more processors; and 
the one or more processors being configured to: 



collect policies from multiple different polk^ sources to provide a collection of policies, the policies being 
expressed in temns of context dependencies associated with multiple different device contexts; 
receive context infomnation from externally of the device, the context infonnation pertaining to a current 
device context; 

30 automatically determine a current context from the context infonnation; 

locally evaluate the collection of polrcies in connection with the current context to provide a resultant set 
of policies; and 

enforce the resultant set of policies on the one or more applk^ttons. 
35 80. The device of claim 79, wherein the device is configured to: 

automatically detennine when its context has changed; 

locally re-evaluate the collection of policies to provide a new resultant set of policies responsive to a context 
• change; and 
40 enforce the new resultant set of policies. 

81 . The device of claim 79. wherein the context comprises location. 

82. A method of operating a computing device comprising: 

45 

collecting policies from multiple different policy sources to provide a collection of policies, the policies being 
expressed in terms of context dependencies associated with multiple different devk;e contexts; 
receiving context infonnation from externally of a computing device, the context infonnation pertaining to a 
current device context; 
50 automatically detennlning a cun-ent context from the context infonnation; 

locally evaluating the collection of policies in connection with the current context to provide a resultant set of 
policies; and 

enforcing the resultant set of polrcies on the device. 

S5 83. The method of claim 82 further comprising: 

automatically detennlning when a device context has changed; 
determining a new device context; 
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tocalty re-evaluating the collection of policies in connection with the new device context to provide a new 
resultant set of policies; and 

enforcing the new resultant set of policies on the device. 

84. One or more computer-readable media having computer- readable instructions thereon which, when executed by 
a computer, cause the computer to Implement the method of claim 82. 

85. One or more computer-readable media having computer- readable instructions thereon which, when executed by 
a computer, cause the computer to Implement the method of claim 83. 



86. A programmable computing device programmed with instructions that implement the method of claim 82. 

87. A programmable computing device programmed with instructions that implement the method of claim 83. 

15 88. A method of providing policies for enforcement on computing devices comprising: 

providing a representation of location using multiple hierarchical tree structures each of which comprising 
multiple nodes, each node representing a location that can be either a physical location or a logical location, 
the tree structures comprising at least one link between them that can serve as a basis for a traversal operation 
^ that traverses the multiple tree structures to derive a computing device location; and 

expressing multiple policies as a function of the representation of location. 

89. One or more computer-readable media having computer-readable instructions thereon which, when executed by 
a computer cause the computer to implement the method of claim 88. 



90. A method of providing policies for enforcement on computing devices comprising: 



expressing multiple policies as a function of an abstract representation of location that uses multiple hierar- 
chical tree structures each of which comprising multiple nodes, each node representing a location that can be 
30 either a physical location or a logical location, the tree structures comprising at least one link between them 

that can serve as a basis for a traversal operation that traverses the multiple tree structures to derive a com- 
puting device location; and 

making the multiple policies available to computing devices. 

35 91. A computer architecture comprising: 

a context service that provides context infomnation or context change events that pertain to the context of a 
computing device; and 

a policy engine communicatively linked with the context service and configured to: 

40 

receive context information or context change events from the context service; 

evaluate a collection of policies to provide a resultant set of policies responsive to the context information 

or context change events; and 

enforce the resultant set of policies on a computing devk^e. 

45 

92. The computer architecture of claim 91, wherein the policy engine is configured to enforce the resultant set of 
policies by promulgating new settings for one or more applications that are executable by the computing device. 

93. The computer architecture of claim 91 , wherein the policy engine is configured to enforce the resultant set of 
so polrcies by promulgating new state for one or more applrcations that are executable by the computing device. 

94. The computer architecture of claim 91, wherein the policy engine is configured to receive policies from multiple 
different policy sources. 

55 95. A computing device embodying the computer architecture of claim 91 . 

96. An enterprise computing device embodying the computer architecture of claim 91 . 
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97. A computer system comprising: 

a context service that provides context information or context change events that pertain to the context of a 
computing device; and 

5 a policy engine communicatively linked with the context service, but remote from the computing device, and 

configured to: 

receive context information or context change events from the context service; 
evaluate a collection of policies to provide a resultant set of policies responsive to the context information 
10 or context change events; and 

provide the resultant set of policies to the computing device. 



15 



20 



25 



30 



35 



40 



45 



50 



31 




32 



EP 1 220 510 A2 




33 



EP1 220 510A2 




34 



EP1 220 510 A2 




EP1 220 510A2 




36 



EP 1 220 510 A2 



0) 

c 
o 

I 

Q. 
Q. 
< 



/ \ 









o 








^acy 


lager 






Mar 



sjspjAOJd uoDeool 



/ 



CD 
O 
CO 



0) 

c 
CO 



o 
'S 
o 




CO 

o 

CO 



CO 

o 

CO 



CD 

o 

CD 



\ 



.18 

S CD 



a. 
< 



CM 
O 
00 



2 

0. 



Iq 

0- z: 

O 



o 

CO 

O 



CO 

CL 



r 

CO 


r 

CD 


r- 

CD 


CD 




O 
CD 


O 
CO 


O 
CO 



SDiAaa Buj^ndujoo 



37 




38 



EP1 220 510 A2 





o 


2 


2 




•«-» 


</) 


cal 


<D 


lev 


chii 




rar 




CD 


,> 


Ic 


a. 


CO 


c 


c 


ssig 




es 


< 


nod 



r 



.1^ 



CM 
O 

o 





39 



EP1 220 510A2 




40 



EP1 220 510A2 




41 



EP 1 220 510 A2 



Or 



Csl 
O 
CO 




A. 
sr 



X 

o 



c 

o 

t3 

o 
O 

1^ 

o 
Q. 



11^ 



_ o 

s « 




2 



E 

< 

E 

m 
>. 
CO 



r 



00 

o 

CO 



r 



O 

o 

CO 



42 



EP 1220 510 A2 





.I' 



43 



